Post

Replies

Boosts

Views

Activity

Sandbox App Store receipt cannot be refreshed because auth-sandbox.itunes.apple.com has an invalid certificate
When trying to refresh a sandbox receipt of my macOS app by using exit(173), storekitd on macOS Sonoma 14.1 logs the following (German) error: fehler 18:32:58.421785+0100 storekitagent com.(redacted): Failed to renew receipt for exit(173): Error Domain=AMSErrorDomain Code=100 "Authentication Failed" UserInfo={NSMultipleUnderlyingErrorsKey=(``` "Error Domain=AMSErrorDomain Code=2 \"Ein unbekannter Fehler ist aufgetreten. Versuche es erneut.\" UserInfo={NSLocalizedDescription=Ein unbekannter Fehler ist aufgetreten. Versuche es erneut.}", "Error Domain=NSURLErrorDomain Code=-1202 \"Das Zertifikat f\U00fcr diesen Server ist ung\U00fcltig. Eventuell wird eine Verbindung mit einem Server hergestellt, der vorgibt, \U201eauth-sandbox.itunes.apple.com\U201c zu sein und vertrauliche Daten gef\U00e4hrdet.\" UserInfo={NSLocalizedRecoverySuggestion=Soll die Verbindung zum Server trotzdem hergestellt werden?, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9843, NSErrorPeerCertificateChainKey=(\n \"<cert(0x14f033000) s: daiquiri-ext.itunes.apple.com i: Apple Public EV Server RSA CA 2 - G1>\",\n \"<cert(0x14f01d000) s: Apple Public EV Server RSA CA 2 - G1 i: DigiCert High Assurance EV Root CA>\",\n`` The error translates to: The certificate for this server is invalid. A connection may be established with a server pretending to be "auth-sandbox.itunes.apple.com" and compromising confidential data. The certificate returned by the sandbox auth server seems to be for daiquiri-ext.itunes.apple.com and not valid for auth-sandbox.itunes.apple.com. When I try to enter https://auth-sandbox.itunes.apple.com in Safari, it tells me that it cannot establish a secure connection to the server. curl -v https://auth-sandbox.itunes.apple.com logs this: * Connected to auth-sandbox.itunes.apple.com (17.36.202.9) port 443 (#0) * ALPN: offers h2,http/1.1 * (304) (OUT), TLS handshake, Client hello (1): * CAfile: /etc/ssl/cert.pem * CApath: none * (304) (IN), TLS handshake, Server hello (2): * (304) (IN), TLS handshake, Unknown (8): * (304) (IN), TLS handshake, Certificate (11): * (304) (IN), TLS handshake, CERT verify (15): * (304) (IN), TLS handshake, Finished (20): * (304) (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384 * ALPN: server accepted h2 * Server certificate: * subject: businessCategory=Private Organization; jurisdictionCountryName=US; jurisdictionStateOrProvinceName=California; serialNumber=C0806592; C=US; ST=California; L=Cupertino; O=Apple Inc.; CN=daiquiri-ext.itunes.apple.com * start date: Aug 28 18:07:16 2023 GMT * expire date: Dec 30 18:17:16 2023 GMT * subjectAltName does not match auth-sandbox.itunes.apple.com * SSL: no alternative certificate subject name matches target host name 'auth-sandbox.itunes.apple.com' * Closing connection 0 curl: (60) SSL: no alternative certificate subject name matches target host name 'auth-sandbox.itunes.apple.com'
3
1
995
Nov ’23