diff --git a/roles/custom/matrix_playbook_migration/defaults/main.yml b/roles/custom/matrix_playbook_migration/defaults/main.yml
index c61e7120..1ca6c011 100644
--- a/roles/custom/matrix_playbook_migration/defaults/main.yml
+++ b/roles/custom/matrix_playbook_migration/defaults/main.yml
@@ -26,3 +26,19 @@ matrix_playbook_migration_matrix_aux_migration_validation_enabled: true
 
 # Controls if (`matrix_jitsi` -> `jitsi`) validation will run.
 matrix_playbook_migration_matrix_jitsi_migration_validation_enabled: true
+
+# Controls if the old apt repository (likely without a `signed-by` option) on Debian-based systems will be removed.
+#
+# Older versions of the Docker role (5.x, 6.x) used to install a repository at a path like: `/etc/apt/sources.list.d/download_docker_com_linux_*`
+# For 6.x, the repository included a `signed-by` option, but for earlier versions it did not.
+#
+# New versions of the Docker role (7.0+) install a new apt repository with `signed-by` option to a different path (`/etc/apt/sources.list.d/docker.list`),
+# but if a non-signed-by repository exists at the old path, a conflict will arise.
+#
+# Our workaround is to just delete the old repository file. Later, when the Docker role runs, it will install a new one at the new path.
+#
+# See:
+# - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2999
+# - https://github.com/geerlingguy/ansible-role-docker/pull/410
+matrix_playbook_migration_debian_signedby_migration_enabled: true
+matrix_playbook_migration_debian_signedby_migration_repository_path: "/etc/apt/sources.list.d/download_docker_com_linux_{{ ansible_distribution | lower }}.list"
diff --git a/roles/custom/matrix_playbook_migration/tasks/debian_docker_signedby_migration.yml b/roles/custom/matrix_playbook_migration/tasks/debian_docker_signedby_migration.yml
new file mode 100644
index 00000000..ac1c5cd1
--- /dev/null
+++ b/roles/custom/matrix_playbook_migration/tasks/debian_docker_signedby_migration.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Remove old Docker apt repository, potentially lacking signed-by option
+  ansible.builtin.file:
+    path: "{{ matrix_playbook_migration_debian_signedby_migration_repository_path }}"
+    state: absent
diff --git a/roles/custom/matrix_playbook_migration/tasks/main.yml b/roles/custom/matrix_playbook_migration/tasks/main.yml
index 4dbd3554..d6b24c39 100644
--- a/roles/custom/matrix_playbook_migration/tasks/main.yml
+++ b/roles/custom/matrix_playbook_migration/tasks/main.yml
@@ -6,6 +6,15 @@
   block:
     - ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
 
+- when: ansible_os_family == 'Debian' and matrix_playbook_migration_debian_signedby_migration_enabled | bool
+  tags:
+    - setup-all
+    - install-all
+    - setup-docker
+    - install-docker
+  block:
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/debian_docker_signedby_migration.yml"
+
 - tags:
     - setup-all
     - install-all