Debugging codesigning issues
This guide will help you resolve the most common code signing errors. In general, make sure to read the complete output when something goes wrong, in particular the very top and the very bottom of the build output. You'll always get access to the raw xcodebuild
output, make sure to analyze it, as fastlane can only assist with helping you resolve problems.
Error message
Make sure to find the exact error message in your build output. Many times the error message actually tells you how to resolve the issue.
To get even more details, try archiving using Xcode 8.
Different machine
Does code signing work on a different Mac, but not on yours? If so, chances are high you don't have the latest private key, the certificate or the provisioning profile. Also follow the Keychain part of this document to make sure you don't have any expired certificates installed.
Xcode project
Make sure to follow Setting up your Xcode Project to properly set up your project.
A check list on what you should verify on your Xcode project
- Make sure to have consistent code signing settings across your targets
- Don't set any code signing settings on your project level, just on the target level
- Make sure the bundle identifier matches the one of your provisioning profile
- Make sure the code signing identity is set to
iOS Distribution
forRelease
builds - Make sure to set a provisioning profile for all your targets, e.g. Watch, Today widget, ...
- Check your working copy in git - did you make any changes by mistake?
Developer Portal
If a certificate gets revoked, all connected provisioning profiles get invalidated. This however might not immediately show up in your local keychain.
- Open the Developer Portal
- Verify your certificates are valid, and didn't expire or get revoked
- Switch to the Provisioning Profiles and make sure the profiles you want to use are all still valid
- If your profile is invalid or expired, you can easily fix it:
- If you're using match, run match with
force
enabled - If you're using sigh, run sigh with
force
enabled - If you're doing manual code signing, edit the provisioning profile, and click on
Generate
on the bottom of the screen. Make sure to select the correct certificate, then download and open the new provisioning profile
- If you're using match, run match with
- If your profile is valid, but you still have issues make sure
- that the certificate matches the certificate you have installed locally. You can view the used certificate by editing the profile (Don't click
Generate
, unless you want to re-generate the provisioning profile) - that all devices you need are included (Development and Ad-Hoc only)
- that you are actually looking at the correct provisioning profile, that matches the bundle identifier of your app. You might have multiple provisioning profiles for the same app / certificate combination. By default Xcode will use the last modified one.
- that the certificate matches the certificate you have installed locally. You can view the used certificate by editing the profile (Don't click
- If your profile is invalid or expired, you can easily fix it:
Keychain
- Run
security find-identity -v -p codesigning
to get a list of locally installed code signing identities. Does yours show up? - Open the
Keychain Access
app, switch toCertificates
and find youriOS Developer
oriOS Distribution
entry and unfold the entry to verify the private key is locally installed:
- Make sure to have deleted all expired WWDR certificates, more information here. There might be 2 expired WWDR certificates, one in the
login
, and one in thesystem
keychain - Run
security default-keychain
to view the default keychain that is used by some fastlane actions if a keychain path is not explicitly provided. If it's the system keychain, make sure fastlane has access to write to it. You may want to reconfigure your environment so the default keychain is the login keychain, which is less prone to permissions errors. If you're usinglaunchctl
, see this link to change the default keychain to the login keychain.
Have you tried turning it off and on again?
As funny as it sounds, sometimes restarting your Mac helps.
fastlane
Run fastlane in verbose mode to get even more debug information:
fastlane [lane] --verbose
Common Issues
Check out Common code signing issues for the most common code signing issues and how you can solve them.