How to renew an expired certificate with Fastlane Match

Development Fastlane

Fastlane is my go-to tool for everything non-code related. One module that I love is Match. Match creates all required certificates & provisioning profiles and stores them in a separate git repository and sync them across your team.

It helps me avoid all the headache managing certificates and provisioning profiles for all these years.

Problem #

Apple certificate only lasts for one year. So, you need to renew it every year, and this is where the problem begins. There is a small hiccup about this renewal process. Based on the discussion, The expired certificate is automatically removed by Apple and Fastlane doesn't really know if it was revoked manually by someone, expired, or if some other error occurred. So, instead of presuming anything unknown/dangerous to the user and their certificates, Match prompts us with the following error.

[!] Your certificate 'XXXXXXXXXX.cer' is not valid, please check end date and renew it if necessary

Which might leave you wondering how you could renew it? Manually or with Fastlane command?

So, this leaves us with two solutions, Automatically with the help of fastlane match nuke and manually.

Automatically with nuke #

Nuke command revoke your certificates and provisioning profiles, which leave you a clean slate for a new beginning.

You can choose to nuke just only a specific environment of certificates and provisioning profiles by providing profile type (type).

fastlane match nuke development
fastlane match nuke distribution
fastlane match nuke enterprise

After clearing your account, you'll start from a clean slate, and you can run match to generate your certificates and profiles again.

fastlane match appstore
fastlane match development

This might be the easiest and fastest way to get your certificates and provisioning profiles up and running. The downside of this approach is, as the name implies, it will destroy all certificates and provisioning profiles for a particular environment. This might or might not be a problem, depending on your situation.

If you have more control over which certificates and provisioning profiles to destroy, the second way might suit you more.

Manually #

What nuke really do is remove certificates and provisioning profiles for you, so you can choose to do that yourself.

  1. To do that, you need to make Fastlane forgot about existing certificates by removing them from the repository.
certs/distribution/XXXXXXXXXX.cer
certs/distribution/XXXXXXXXXX.p12

certs/development/XXXXXXXXXX.cer
certs/development/XXXXXXXXXX.p12
  1. Then go to Apple Developer portal and delete the provisioning profiles that associated with the certificate.
  1. Run fastlane match again, and it will re-create new certificates and provisioning profiles for you.

Feel free to follow me on Twitter and ask your questions related to this post. Thanks for reading and see you next time.

If you enjoy my writing, please check out my Patreon https://www.patreon.com/sarunw and become my supporter. Sharing the article is also greatly appreciated.

Become a patron Tweet Share

If you enjoy this article, you can subscribe to the weekly newsletter.

Every Friday, you’ll get a quick recap of all articles and tips posted on this site — entirely for free.

← Home