diff --git a/serverkeyapi/api/api.go b/serverkeyapi/api/api.go
index f108d437b..48513621f 100644
--- a/serverkeyapi/api/api.go
+++ b/serverkeyapi/api/api.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"net/http"
+	"time"
 
 	"github.com/matrix-org/dendrite/internal/caching"
 	"github.com/matrix-org/gomatrixserverlib"
@@ -94,8 +95,12 @@ func (s *httpServerKeyInternalAPI) FetchKeys(
 	response := QueryPublicKeysResponse{
 		Results: make(map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult),
 	}
+	now := gomatrixserverlib.AsTimestamp(time.Now())
 	for req, ts := range requests {
 		if res, ok := s.immutableCache.GetServerKey(req); ok {
+			if now > res.ValidUntilTS && res.ExpiredTS == gomatrixserverlib.PublicKeyNotExpired {
+				continue
+			}
 			result[req] = res
 			continue
 		}
diff --git a/serverkeyapi/internal/api.go b/serverkeyapi/internal/api.go
index cbae59d9a..2399213e0 100644
--- a/serverkeyapi/internal/api.go
+++ b/serverkeyapi/internal/api.go
@@ -3,6 +3,7 @@ package internal
 import (
 	"context"
 	"fmt"
+	"time"
 
 	"github.com/matrix-org/dendrite/internal/caching"
 	"github.com/matrix-org/dendrite/serverkeyapi/api"
@@ -39,10 +40,14 @@ func (s *ServerKeyAPI) FetchKeys(
 	// First consult our local database and see if we have the requested
 	// keys. These might come from a cache, depending on the database
 	// implementation used.
+	now := gomatrixserverlib.AsTimestamp(time.Now())
 	if dbResults, err := s.OurKeyRing.KeyDatabase.FetchKeys(ctx, requests); err == nil {
 		// We successfully got some keys. Add them to the results and
 		// remove them from the request list.
 		for req, res := range dbResults {
+			if now > res.ValidUntilTS && res.ExpiredTS == gomatrixserverlib.PublicKeyNotExpired {
+				continue
+			}
 			results[req] = res
 			delete(requests, req)
 		}