When trying to refresh a sandbox receipt of my macOS app by using exit(173), storekitd on macOS Sonoma 14.1 logs the following (German) error:
fehler 18:32:58.421785+0100 storekitagent com.(redacted): Failed to renew receipt for exit(173): Error Domain=AMSErrorDomain Code=100 "Authentication Failed" UserInfo={NSMultipleUnderlyingErrorsKey=(```
"Error Domain=AMSErrorDomain Code=2 \"Ein unbekannter Fehler ist aufgetreten. Versuche es erneut.\" UserInfo={NSLocalizedDescription=Ein unbekannter Fehler ist aufgetreten. Versuche es erneut.}",
"Error Domain=NSURLErrorDomain Code=-1202 \"Das Zertifikat f\U00fcr diesen Server ist ung\U00fcltig. Eventuell wird eine Verbindung mit einem Server hergestellt, der vorgibt, \U201eauth-sandbox.itunes.apple.com\U201c zu sein und vertrauliche Daten gef\U00e4hrdet.\" UserInfo={NSLocalizedRecoverySuggestion=Soll die Verbindung zum Server trotzdem hergestellt werden?, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9843, NSErrorPeerCertificateChainKey=(\n \"<cert(0x14f033000) s: daiquiri-ext.itunes.apple.com i: Apple Public EV Server RSA CA 2 - G1>\",\n \"<cert(0x14f01d000) s: Apple Public EV Server RSA CA 2 - G1 i: DigiCert High Assurance EV Root CA>\",\n``
The error translates to:
The certificate for this server is invalid. A connection may be established with a server pretending to be "auth-sandbox.itunes.apple.com" and compromising confidential data.
The certificate returned by the sandbox auth server seems to be for daiquiri-ext.itunes.apple.com and not valid for auth-sandbox.itunes.apple.com.
When I try to enter https://auth-sandbox.itunes.apple.com in Safari, it tells me that it cannot establish a secure connection to the server.
curl -v https://auth-sandbox.itunes.apple.com logs this:
* Connected to auth-sandbox.itunes.apple.com (17.36.202.9) port 443 (#0)
* ALPN: offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384
* ALPN: server accepted h2
* Server certificate:
* subject: businessCategory=Private Organization; jurisdictionCountryName=US; jurisdictionStateOrProvinceName=California; serialNumber=C0806592; C=US; ST=California; L=Cupertino; O=Apple Inc.; CN=daiquiri-ext.itunes.apple.com
* start date: Aug 28 18:07:16 2023 GMT
* expire date: Dec 30 18:17:16 2023 GMT
* subjectAltName does not match auth-sandbox.itunes.apple.com
* SSL: no alternative certificate subject name matches target host name 'auth-sandbox.itunes.apple.com'
* Closing connection 0
curl: (60) SSL: no alternative certificate subject name matches target host name 'auth-sandbox.itunes.apple.com'