how to renew expired certificate with fastlane? - ios

My iOS certificate is stored in GitHub and it is expired, the failure message in circleci progress is that ‘Your certificate 'xxxxxxx.cer' is not valid, please check end date and renew it if necessary’.
Do I need to create a new certificate, or download an existing one? I don’t remember how this was originally created, I thought it was done by Fastlane as part of the build.
But I don't know how to modify the Fastlane command, I have tried to add the 'cert', but it fails.

You can use fastlane match development after deleting the development profiles and certificates from your git repo. Alternatively, you can delete everything from git repo and run fastlane match
If you do not care about existing profiles and certificates, just run fastlane match nuke development and fastlane match nuke appstore, then fastlane match development and fastlane match appstore. These commands will first delete everything from your git repo and apple developer portal and the next two commands will create everything on your apple developer portal and push them to your git repo.
Read up this

Before start ensure you got certificates repo in github
https://docs.fastlane.tools/actions/match/
Clearing old certificates
fastlane match nuke development
fastlane match nuke distribution
After clearing, we need to re-create new certificates
fastlane match development
fastlane match appstore
and restart your Xcode

I renewed expired certificate by deleting it from the Git repository and then running fastlane match. If you append --force it will also renew the profiles to use the new certificate.
Steps:
Delete expired certificate from Git repository.
Run fastlane match development --force to renew certificate and profiles. (Replace development with appstore or adhoc depending on your certificate type.

I find the simplest way is to delete the expire .cer on Develop portal and run match again.

Related

Fastlane enterprise iOS certificate expiring

I have used Fastlane to manage our enterprise certificates and profiles.
Now the enterprise certificates are expiring next month.
My questions are:
If I nuke the enterprise certificates & profiles using "fastlane match nuke enterprise" and recreate new profiles and certificates then do my currently deployed apps (to more than 5000 users) stop working on their iPad?
How can I create another distribution certificate using Fastlane and renew all the profiles using the new certificate and keeping the old certificate as it is so that my already deployed apps do not get affected?
Finally, this is what I did and it worked in Production.
Apple Developer Account Type: Enterprise.
Delete the Enterprise certificate files from the git repository where Fastlane pushes the certificates and profiles.
Run "fastlane match enterprise".
This will create a new Enterprise certificate. Note Apple only allows 2 production certificates per account. So at this point, your account should show your old and the newly created Distribution (Enterprise) certificate.
Now run "fastlane match enterprise --force"
This will re-create the profiles using the new certificate and push it to the Git repository. Pass the bundle identifiers of all the profiles which you wish to renew.
You could skip Step 2 technically and just execute Step 3 but I didn't do that and I didn't want to redo this again.
So this will keep your current deployed apps active. You can create new builds or re-sign the old builds, with the new certificate and profiles and push out the new builds.
Once you are sure that all the users have the updated builds you can delete the old certificate from the Apple Developer account or let it expire on its own and then delete it, once expired.
Above process will renew the certificate for 3 years and profile for 1 year.

Github Actions - Where do I upload the Certificates and provisioning profiles

I am implementing github actions in my project for Build, test and Deploy.
While Building the app, it gives me an error,
"Code Signing Error: No profile for team 'XXXX' matching 'XXXX' found"
Xcode couldn't find any provisioning profiles matching 'XXXX/XXXX'. Install the profile (by dragging and dropping it onto Xcode's dock item) or select a different one in the Signing & Capabilities tab of the target editor.
Tried to build the project with distribution certificates.
I have tried to upload the certificates and provisioning profiles on a different repository in my account, but it doesn't work.
Where do we upload the certificates?
Hi As per your question it's seem that you are trying to implement CI/CD in your project. You can integrate fastlane that will take care of uploading certificates on a git repo. It will upload all your certificates and provisioning profile on git repo and help's to fetch on your device's keychain.

Fastlane match setup, using match appstore and match development

I am trying to setup fastlane match but am having trouble understanding this step:
After running fastlane match init you can run the following to generate new certificates and profiles:
fastlane match appstore
fastlane match development
What exactly is appstore and development? Are they supposed be assumed scheme names? My app has two schemes (both have different bundle identifiers) they are called MyApp and MyApp UAT do I need to run fastlane match MyApp and fastlane match MyApp UAT?
No, they are not schemes, they are cert/prov of some types.
Yes, you need to create the cert of any kind for each BundId.
Each certificate represent a BundleID and each prov. profile is dependent of a certificate so... yes, you need to create each cert, and then each prov. profile, as you will do manually on iTC.
Run fastlane match --help and it clarify your question
adhoc Run match for a adhoc provisioning profile
appstore Run match for a appstore provisioning profile
change_password Re-encrypt all files with a different password
decrypt Decrypts the repository and keeps it on the filesystem
development Run match for a development provisioning profile
enterprise Run match for a enterprise provisioning profile
[...]
You see, development mean which is not distribution, you could create also adhoc, etc.. and appStore mean distribution for not the enterprise bundleID.
Any doubt, please ask me ;)

Fastlane certificate error

I'm starting to have an issue with fastlane. When I run a custom lane that runs pilot the app starts to compile but eventually terminates with an error. In the fastlane log I have:
Provisioning profile "match AppStore com.mycompany.myapp-test" doesn't include signing certificate "iPhone Developer: Bob Trotter (XXXXXXXXX)".
Code signing is required for product type 'Application' in SDK 'iOS 10.0'.
I have logged into the apple developer website. Gone into the provisioning profile and added myself. I have tried doing a project clean and downloading the certificates in xocode. I have also run fastlane certs. Any idea what I am doing wrong here? Any pointers on this would be great!!
It seems that you are trying to use pilot with a developer certificate.
As pilot is used to submit your app to TestFlight and subsequently to ApStore, it seems consistent that the error message saying match AppStore ... for the provisioning profile and iPhone Developer: ... for the certificate would generate errors.
It looks like you are setting the correct provisioning profile but not the correct certificate to match. You can check that on XCode by going to you project target -> Build settings -> Code Signing Identity (Release) and selecting iPhone Distribution
If you are using cert you might as well create Distribution certificates, which your App Store provisioning should be matching.
Alternatively (and personally my option of choice today) you can use match to create you provisioning profiles for both development and distribution, which will also configure your sigh environment variables to be used by XCode.
Based on your example bundle identifier, you could do this by executing the following command(s)
$ sudo gem install match
$ match appstore -a com.mycompany.myapp-test

Transitioning to Fastlane Match Duplicate Certificates CI

I am trying to transition my team to using Fastlane Match. I have it working on my local machine, but not on our CI (jenkins) machine. Our CI machine still has the old certificate installed on it and I assume this is causing the issue. When running through CI I get the error:
Code Signing Error: Provisioning profile "match InHouse >bundle id<" doesn't include signing certificate "iPhone Distribution: >org<".
My best guess is that gym is picking up the wrong cert when trying to verify the provisioning profile because both certs have the same name.
Is there a way to specify which cert to use by id or expiration date when archiving the build from gym/xcodebuild?
Deleting the old certificate is not a viable option because, as of now, we still need the old cert until our fastlane build is 100% stable and everyone has transitioned to using it.
Thanks!
Yes you can specify which cert to use in one of two ways:
In your fastfile with the export_options and provisioningProfiles option:
.
gym(
...
export_options:{
compileBitcode: false,
signingStyle: "manual",
provisioningProfiles:{
"com.myapp.iosapp": "match AdHoc com.myapp.iosapp"
}
Or in Xcode's Build Settings, by setting each of the certs manually:

Resources