-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
App Store distribution certificate expiring #10724
Comments
It seems like you have not included the output of To make it easier for us help you resolve this issue, please update the issue to include the output of |
Hey @soleares you should be able to run match with the |
I'd like it to create a new profile with the new certificate but I can't figure out how to do that. |
Ah, could you try running |
@ohayon
|
@soleares - I do believe that running |
There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates. Please make sure to update to the latest |
@soleares I ran into the same problem the certificate expired and disappeared from the dev portal. Now when I run match with -- force I get an error. |
@BObereder Just had the same problem. Fixed it by manually deleting the expired certificate from our match git repository and running |
This definitely needs a better solution. I can't use nuke because I have other apps/certificates using the same repo. And waiting for the certificate to expire is not very safe. We are missing a lot of days to prepare a new build with the new certificate. This might not be a big problem with App Store apps, since they still work even if a certificate expires. But with enterprise apps, once the certificate expires, the app stops working. A similar issue is mentioned here for the need to delete individual certificates from a repo: #10502 |
@jlubeck For enterprise you can create a 2nd certificate with the same info before the first expires, create a new provisioning profile based on the new cert and push out an app update using the new profile. I used to do that about a month before the certification expired. This is all manual of course. I'm not sure how I would do this with Fastlane. |
@soleares exactly. I know how to do it manually. But would be nice to have a fastlane solution |
There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates. Please make sure to update to the latest |
Nope, latest version of fastlane doesn't have this feature |
This really has to be a feature in fastlane! Have the same problem now! :) |
Heyyyy 👋 I totes understand this issue. When However, I do agree that there should almost be some sort of mini-nuke on a single provisioning profile so that the newly created profile will be used from the newest cert. <-- I will look into this issue I would also like to fix the App Store expiring issue but that one is a bit harder to test since I can't manually expire a certificate on the iOS Developer Center 😢 |
@joshdholtz First of all, thank you for looking into it!
When an certificate expires IMHO it just disappears from the Dev Center, it is the same behaviour like when you press "revoke" manually. So if |
@CihanBoz Correct, it throws an error because That being said... I think we could create an option to recreate cert (mini nuke) if something like this occurs (so that its at least somewhat opt-in). Thoughts on that? |
The only way I found to do this right now is to manually update the profile/certificate in the git repo:
This should be built into fastlane match as an option, nuking stuff from the program portal just to renew profiles is extremely dangerous as for enterprise deployments can disable the app and we have to renew these and push updates before the old profiles expire. |
A possible solution to force Fastlane match to stop using the certificate that is about to expire is to remove manually the certificate and the private key from the fastlane repo. This is similar to @oanhof. I will test this tomorrow. From my experience with 'match' so far it seems that should work! |
Just to mention that the approach described by me above is working fine. |
Yes, but IRC the general idea of a match repo is, that nobody touches it apart from match. So your approach might work but I would say it is a work around and I would love to have a solution inside match :) |
@KrauseFx @robertjpayne any way you can shed some lite on this feature? seems pretty critical for reviewing soon to expire certs ahead of time. |
There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates. Please make sure to update to the latest |
Please don't close, still interested in this. |
I hope it doesn't delete it if it is still valid? I mean, the idea creating a new before expiration is to have the overlap. If you delete (revoke & delete) it, it will invalidate current IPAs even though you still would have time left, which could be used to allow user's to update to the new IPA signed with the new cert later? Depending on the way of distribution (Third-party MDM or AppStore e.t.c.) and the kind of certificate. |
There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates. Please make sure to update to the latest |
Still interested in this feature. |
Likewise |
Just stumbled onto this thread... Our prod profile is about to expire. Seems crazy to have to let it expire and then run fastlane match to generate a new one... +1 for an option to renew prior to expiration. What is the correct way to handle this without having to manually decrypt and edit the match repo? |
I have done some work and did a work around my side. Basically problem with fastlane is not getting expired profile in the list at all. Spaceship.provisioning_profile.all Never gives expired profile. It can get invalid profile but not expired. If this is fixed then the existing code will work. How its working now.
My work around is generate a new name that can be created. Fix needed is expired profile should be accessible. |
+1 It’s a shame that fastlane offers match but fails to handle expiring certificates without forcing the user to nuke or manually editing the repo, as previously also documented in #10395 and #10076. Would be really great to see this improved and even better to allow preemptively creating new certificates before they expire. |
Shame this hasn't been improved in over a year. |
if someone can tell me is that fastlane not getting expired profile is due to the code or apple not providing.... if someone can tell me which part of the code does this process. |
Yeah, it'd be great if fastlane could regenerate expired certs automatically. Now I'm getting |
Exactly like @agordeev @joshdholtz any updates on that proposal that you made back in november? |
if you are getting profile error, just delete the expired profile. This will fix. If you are getting other error, please post it. |
Hey @krish722, I got the same error as @agordeev: "Your certificate 'XXXXXXXXXX.cer' is not valid, please check end date and renew it if necessary" It's the certificate that expired, not the profile. I know how to delete everything manually from the repos and regenerate them. But it would be so much convenient to have fastlane do it, which I'm guessing that's why everybody uses it, not to do manual stuff Thanks! |
I have same issue. |
"Your certificate 'XXXXXXXXXX.cer' is not valid, please check end date and renew it if necessary" Still waiting for a resolution for this one. |
Fastlane always saves a lot of time and it's almost perfect. But I still hope these hiccups can get fixed or improved. I just solved it by manually deleting my debug certs and profiles for my app. I can't use nuke because I also have many certs and profiles for other apps on it. There's also the fact I don't like manually touching something that has been entirely generated by some system, as it is the case with the fastlane match repo. |
Unfortunately, this was how I solved it as well since I have multiple apps
in my developer account and couldn't afford nuking multiple certs.
…On Sun, Jun 2, 2019, 12:56 PM Andy Ibanez ***@***.***> wrote:
Fastlane always saves a lot of time and it's almost perfect. But I still
hope this hiccups can get fixed or improved. I just solved it by manually
deleting my debug certs and profiles for my app app. I can't use nuke
because I also have many certs and profiles for other apps on it. There's
also the fact I don't like manually touching something that has been
entirely generated by some system, as it is the case with the fastlane
match repo.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#10724?email_source=notifications&email_token=ADMIXBJB6SS4JOR7KJZFTZLPYP3STA5CNFSM4EBGTRH2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODWXZVIQ#issuecomment-498047650>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ADMIXBPE5PQDLSVCZQSMXVDPYP3STANCNFSM4EBGTRHQ>
.
|
There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates. Please make sure to update to the latest |
This issue will be auto-closed because there hasn't been any activity for a few months. Feel free to open a new one if you still experience this problem 👍 |
New Issue Checklist
Issue Description
I use match to manage my certs and profiles. What should I do when my App Store distribution certificate is about to expire?
Before Fastlane:
With Fastlane:
fastlane nuke distribution
or manually editing the repo?🚫 fastlane environment 🚫
Stack
System Locale
fastlane files:
`./fastlane/Fastfile`
fastlane gems
Loaded fastlane plugins:
No plugins Loaded
Loaded gems
generated on: 2017-10-27
The text was updated successfully, but these errors were encountered: