Broken Developer Certificates and Profiles

I am extremely worried about my certificates/profiles and need help fixing the issue. I have my app in the Apple app store for iPhone, iPad, and Mac and have sent out multiple updates. I just recently updated my Xcode to Xcode 12 and can no longer send my Mac Catalyst version of the app to Apple's notary service and get these errors:

Cannot create a Mac Catalyst Developer ID provisioning profile for "". The App Groups capability is not available for Mac Catalyst Developer ID provisioning profiles. Disable this feature and try again.

Provisioning profile failed qualification Profile doesn't include the selected signing certificate.

Provisioning profile failed qualification Profile doesn't support App Groups.

Before this point, I had not generated a new Developer ID profile since February and have had App Groups in my app for many months and sent out multiple updates and notaries with it. After tons of research, I saw that it maybe has something to do with my Developer ID Profile so I looked into it on the Apple developer website and saw that the status said invalid. I made a new one, removed the invalid one, and tried the steps of archiving a new build and trying to send it to Apple's notary but ended up getting the same error.

I have done more research and stumble upon https://developer.apple.com/support/certificates/ and saw that removing a profile may cause me to not update my current apps in the app store. Did I remove my entire access to update my apps???

I still can not figure out the notary issue and am now extremely worried that I have messed up my chances of updating my app again. Can you please help me with both issues?

I have a Mac update I would like to send out to the App Store as soon as possible but want to know if it's safe before sending it to users.
Up vote post of helper132 Down vote post of helper132
1.9k views
Posted by
helper132
Reply
Add a Comment

Replies

saw that removing a profile may cause me to not update my current apps
in the app store

I’m not sure how you came to that interpretation. Let me reassure you that it really is quite hard to mess things irretrievably (1). I’ll do what I can to help you out here but this may need more time than I can allocate in this context, in which I’ll ask you to open a DTS tech support incident.

Anyway, first things first, what are your deployment targets? You wrote:

I have my app in the Apple app store for iPhone, iPad, and Mac

This sounds like your Mac app ships via the Mac App Store. But elsewhere in your post you mentioned Developer ID and the notary service, which make it sound like your Mac app ships outside of the Mac App Store. Which is it?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"

(1) Indeed, the only thing that’s hard to recover from is creating and then loosing (or leaking) a bunch of Developer ID private keys. See this post for more on that.
Posted by
eskimo
Post not yet marked as solved Up vote reply of eskimo Down vote reply of eskimo
Add a Comment
Hi @eskimo! Thank you so much for responding I have spent the weekend trying to figure this out and nothing is still working :(

My iPhone/iPad and Mac Catalyst app all ship via App Store. Before I submit any Mac update to App Store Connect I always send it to Apple's notary system (via distributing it to Developer ID) so I can export it and test the app out on a separate Mac just to have a piece of mind that the build is working well.

I have an update ready and tried my usual routine of sending it to the notary system and I get those errors. I have had app groups in my app for a long time and haven't changed anything with it. The only change was updating my Xcode to Xcode 12.
Posted by
helper132
Up vote reply of helper132 Down vote reply of helper132
Add a Comment

My iPhone/iPad and Mac Catalyst app all ship via App Store.

OK, thanks for clarifying. Mac Catalyst is an interesting hybrid between iOS and macOS, in that recent systems have started enforcing iOS-style App Group rules for Mac Catalyst apps. Unfortunately I’m not fully up to speed on these changes. I recommend that you open a DTS tech support incident so that I can research this in depth.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Post not yet marked as solved Up vote reply of eskimo Down vote reply of eskimo
Add a Comment
Any updates on this? I am running into the same problem. In my case, I ship the beta builds using Developer ID but will be listing the app in the Mac App Store when I launch.
Posted by
girishw
Up vote reply of girishw Down vote reply of girishw
Add a Comment

I just ran into the same issue ... any updates? My app is not fit for a MAS submission, but I'd like to use the notary service to test it internally on several Macs (also from users not part of the dev team).

Posted by
MyMattes
Up vote reply of MyMattes Down vote reply of MyMattes
Add a Comment