In this article, I will be showing you how to regenerate expired certificates and profiles using Fastlane match.
Match:
Fastlane is a great tool for automating non-code-related stuff. One module that I really like is Match. Match creates all required certificates & provisioning profiles, stores them in a separate git repository, and syncs them across your team. It helps to avoid all the headaches managing certificates and profiles for all these years.
What if Certificates expired !!!
Apple certificate only lasts for a year. So, you need to renew it every year, and this is where the problem begins.
- The expired certificate is automatically removed by Apple
- Fastlane doesn’t really know if the certificate was expired, revoked by someone, or if something else happened.
So, instead of presuming anything unknown/dangerous to the user and their certificates, the Fastlane match prompts us with the following error!.
[!] Your certificate ‘XXXXXXXXXX.cer’ is not valid, please check end date and renew it if necessaryRenewal:
Since we are storing certificates and profiles in the git repo, you might wonder how you could renew it? Manually or with Fastlane command?
Nuke
if you have a single git branch, absolutely fine to use the nuke command, which can revoke your certificates and provisioning profiles, leaving you a clean slate for a new beginning.
fastlane match nuke development
fastlane match nuke distributionAfter clearing your account, you’ll start from a clean slate, and you can run a match to generate your certificates and profiles again.
fastlane match appstore
fastlane match developmentWarning ⚠️: It will destroy all certificates and provisioning profiles for a particular environment. Be cautious about doing this.
Manual Renewal (Recommended).
If one wants to have more control over which certificates and provisioning profiles to destroy, the second way might suit you more.
- we gonna do the thing that Nuke did for us, which is removing certificates and profiles from the git repository. To do that, you can visit the repository where you hosted encrypted certificates and profiles, and delete them manually. which makes Fastlane forget about existing certificates.
certs/distribution/XXXXXXXXXX.cer
certs/distribution/XXXXXXXXXX.p12
certs/development/XXXXXXXXXX.cer
certs/development/XXXXXXXXXX.p122. Visit the Apple Developer portal and delete the provisioning profiles associated with the certificate. which can help in creating the profiles with the same name as we had earlier, else it might create a profile with TeamId attached.
3. Run fastlane match again, and it will re-create new certificates and provisioning profiles.
fastlane ios create_certs —env AppName (double hypen)
4. New certificate automatically injected into a keychain so as profiles. No need for manual pl2 exports to install the certificates.
5. Relaunch your Xcode, Now we can see the proper certificate and profile chosen in the Signing & Capabilites
Note: We personally use the manual process of renewing certificates and profiles since we have multiple branches that hold encrypted things. it can give more control over handling things.
That’s it for this time! 👏👏👏 . Feel free to comment if you have questions and follow up to get notifications about future articles.
