Thanks Quinn! I appreciate your detailed response and all the links.
I followed your advice and dropped the --deep and the --sequesterRsrc attributes and tried again. I also checked everything recommended. Unfortunately, no difference to the end result.
Exploring further, I did a few more small steps, as I believe it's something with the setup on my machine. I removed every single certificate that even remotely resembles app building/signing from Keychain and added them back in from Xcode (double-checked again that it's the latest version).
I also did what I would do on Windows: restarted the machine. Re-set the keychain, env variables, etc.
Still stuck at the same error.
I've attached a log of my process and outputs, in case anyone can spot something I missed or that I'm doing wrong. Much appreciated!
The steps:
1. build a fresh app
2. sign all the components first, then the app
3. make sure everything is signed
4. delete the old one and create a new zip package
5. send for notarization
6. stapling... Error 65
All the IDs I've checked match. All the timestamps are there. I even used --preserve-metadata with signing...
Funny thing is, even though my build script is not entirely correct, on GitHub Actions with the same vars and certs (copy & paste), it staples the damn thing. Not the flow I prefer, but I guess I'll have to make that one work.
modelist.log