How to renew an expired certificate with Fastlane Match

⋅ 3 min read ⋅ Development Fastlane

Table of Contents

Fastlane is my go-to tool for everything non-code related. One module that I love is Match. Match creates all required certificates & provisioning profiles and stores them in a separate git repository and sync them across your team.

It helps me avoid all the headache managing certificates and provisioning profiles for all these years.


Apple certificate only lasts for one year. So, you need to renew it every year, and this is where the problem begins. There is a small hiccup about this renewal process. Based on the discussion, The expired certificate is automatically removed by Apple and Fastlane doesn't really know if it was revoked manually by someone, expired, or if some other error occurred. So, instead of presuming anything unknown/dangerous to the user and their certificates, Match prompts us with the following error.

[!] Your certificate 'XXXXXXXXXX.cer' is not valid, please check end date and renew it if necessary

Which might leave you wondering how you could renew it? Manually or with Fastlane command?

So, this leaves us with two solutions, Automatically with the help of fastlane match nuke and manually.

You can easily support by checking out this sponsor.

Sponsor and reach thousands of iOS developers.

Automatically with nuke

Nuke command revoke your certificates and provisioning profiles, which leave you a clean slate for a new beginning.

You can choose to nuke just only a specific environment of certificates and provisioning profiles by providing profile type (type).

fastlane match nuke development
fastlane match nuke distribution
fastlane match nuke enterprise

After clearing your account, you'll start from a clean slate, and you can run match to generate your certificates and profiles again.

fastlane match appstore
fastlane match development

This might be the easiest and fastest way to get your certificates and provisioning profiles up and running. The downside of this approach is, as the name implies, it will destroy all certificates and provisioning profiles for a particular environment. This might or might not be a problem, depending on your situation.

If you have more control over which certificates and provisioning profiles to destroy, the second way might suit you more.


What nuke really do is remove certificates and provisioning profiles for you, so you can choose to do that yourself.

  1. To do that, you need to make Fastlane forgot about existing certificates by removing them from the repository.

  1. Then go to Apple Developer portal and delete the provisioning profiles that associated with the certificate.
  1. Run fastlane match again, and it will re-create new certificates and provisioning profiles for you.

You can easily support by checking out this sponsor.

Sponsor and reach thousands of iOS developers.

Read more article about Development, Fastlane, or see all available topic

Enjoy the read?

If you enjoy this article, you can subscribe to the weekly newsletter.
Every Friday, you'll get a quick recap of all articles and tips posted on this site. No strings attached. Unsubscribe anytime.

Feel free to follow me on Twitter and ask your questions related to this post. Thanks for reading and see you next time.

If you enjoy my writing, please check out my Patreon and become my supporter. Sharing the article is also greatly appreciated.

Become a patron Buy me a coffee Tweet Share
How to Add inline images with text in SwiftUI

In iOS 14, we have a new way to put images along with texts.

Quick way to open a Custom URL Scheme in iOS Simulator

In the past, the way I test a custom URL scheme is to go to Safari and open up any of my custom URLs. If you are still doing that, there is a better alternative.

← Home