149

I have an app on app store, which is using an iOS Provisioning Profile (Distribution) which is expired. This Profile contains Push Certificate that's also expired (and does not appear anymore in the portal).

Question 1: Is there a way to recreate the push certificate and then renew the profile? (I still have the push certificate (expired) on my keychain)?

Question 2: Do I need to re-submit the app to app store with a new profile that contains the new Push certificate?

Since the push certificate is expired, I can probably not send notifications to the existing users of the app.

Beat
  • 4,386
  • 2
  • 35
  • 52
Franck
  • 8,939
  • 8
  • 39
  • 57

6 Answers6

251

The push certificate cannot be renewed. You have to create a new one.

The push notification certificate is not part of the application build. Therefore for push to continue working you only have to create a new certificate and deploy the p12 file (or whatever other format you are using) at your server. You don't have to submit a new version of your app.

Eran
  • 387,369
  • 54
  • 702
  • 768
  • (thanks for this super fast reply) And I have to link the push certificate to the AppID? (old expired certificate doesn't appear anymore on the AppID on Apple dev portal) And even the old user(Current app store app linked to old Push certificate) will receive the notification based on the new Push certificate? – Franck Nov 20 '13 at 20:57
  • 1
    Yes, the new push certificate has to be created for the same AppID (the one that contains the bundle ID of the existing app). – Eran Nov 20 '13 at 21:09
  • It work! Many thanks. Very surprise that no need to republish. :) – Franck Nov 20 '13 at 21:27
  • but what if i create a new push certf instead of renewing the older one.. with a new key value pair in the certf now old version of my app won't receive the push right? – hemant Mar 19 '15 at 05:57
  • 1
    @hemant No, the push certificate is only used in your server, so old versions of your app should continue receiving push notifications, regardless of which certificate you use in the server side (assuming the server uses a production push certificate and pushes to the production push env, and the app is signed with a production provisioning profile, which should be the case if you are talking about an app that is already in app store). – Eran Mar 19 '15 at 06:39
  • 1
    @Eran : My Push certificate will expire after 30 days. So Can I revoke current one and create new one ? and after that Push will work with new certificate on existing app store build ? – Maulik Jul 16 '15 at 06:25
  • 11
    Why don't people provide links? Here's the relevant guide for generating the certificate: https://developer.apple.com/library/ios/documentation/IDEs/Conceptual/AppDistributionGuide/AddingCapabilities/AddingCapabilities.html#//apple_ref/doc/uid/TP40012582-CH26-SW11 – skensell Apr 05 '16 at 07:49
  • 4
    Users of my App stopped getting Push as push certificate was expired. This answer helped me and I managed things within just 5 minutes and everything worked like a charm. Upvoted !!! – NSPratik Oct 14 '16 at 14:12
  • this didnt worked for me . I changed the push certificates at backend ut on live app i am not able to get notification. But if i create a distribution build then i am etting notifications. – Parv Bhasker Apr 13 '17 at 07:19
  • Every year do i have to create new APNS certificate? – Jasmit Nov 19 '18 at 11:34
  • @Jasmit yes (at least that was true last time I checked). – Eran Nov 19 '18 at 11:40
  • @Maulik Did you get solution to your problem. Even my certificate is going to expire by this month end. Should I need to wait till it expires and upload a new certificate or I can do it now only ? – Vasanth Aug 05 '19 at 13:28
  • 2
    @Vasanth You can generate a new one now and update. It's fine no need to wait. – Maulik Aug 05 '19 at 15:41
  • I have an app in appstore, but the distribution certificate is expiring. Shall i need to create a new build for this while revoing and recreating the certificates – sejn Aug 04 '20 at 05:29
17

You cannot renew an existing push certificate. You just create a new one. But you don't need to. You'd better create a push notifications auth key. You can use it the same way as the certificate, but it doesn't expire and there is no need to renew it every year.

You create the push notifications key from the Member Center, Keys tab:

Create a new push notifications key

Vladimir Grigorov
  • 10,903
  • 8
  • 60
  • 70
  • This is really interesting... is there any way I can use it for VoIP pushes? So far use of keys seems pretty limited to regular notifications? – MegaManX May 14 '18 at 09:20
  • 1
    @MegaManX: Yes, only regular push notifications. You'd better post a SO question about it. – Vladimir Grigorov May 15 '18 at 14:17
  • Is it possible to use same push notification key with multiple apps? – Yalamandarao Jul 19 '18 at 04:01
  • @Singapore: Yes, one key is used for all of your apps. – Vladimir Grigorov Jul 30 '18 at 08:41
  • This results in a .p8 file. – David Apr 27 '19 at 01:15
  • Does this mean that when using an Auth Key, you don't need an APNs Certificate? I ask because I am successfully using an Auth Key with Firebase Cloud Messaging, but for some reason (hopefully legacy) I still have an APNs certificate attached to the "Push Notifications" section within "App ID Configuration" inside of "Certificates, Identifiers & Profiles". – tyler.frankenstein Aug 29 '19 at 16:10
  • 1
    @tyler.frankenstein: Maybe your APNs certificate is still valid? I'm using a key and my App ID has Push Notifications enabled with 0 certificates. – Vladimir Grigorov Aug 30 '19 at 08:44
  • @VladimirGrigorov, thank you. I have confirmed that APNs Certificates are not necessary if you are using an Auth Key. It is safe to let the APNs Certificates expire and/or remove them from your iOS app's "Push Notifications" section if you are using an Auth Key. So the APNs Certificates in my case were indeed legacy. – tyler.frankenstein Sep 11 '19 at 13:38
  • will the key stop working when the membership expires ? and after renewal will it automatically work again? @VladimirGrigorov – azheen Jul 23 '20 at 22:02
11

Adding few words about VoIP push certificates.

Like Push certificates VoIP certificates cannot be renewed, you have to create a new one.

VoIP notifications will not work, if your VoIP certificate is expired or you revoke it.

If you create a new certificate, you need to deploy the new p12 on server side. VoIP certificate is also not part of application build, so you don't have to submit app again.

Irfan Gul
  • 1,579
  • 13
  • 23
7

No need to revoke. You can create an additional APNS certificate for each App ID.

Login to developer account -> Identifiers -> select App ID -> Edit Push Notification -> create an additional certificate -> download and install in Keychain Access -> export in .p12 formatStep 1

Step 2

iHarshil
  • 739
  • 10
  • 22
Manish Nahar
  • 834
  • 10
  • 24
4

For the Apple side:

Your service:

  • Log in and find the "push certificate setup" area (for google this is Mobile Apple Push Cert
  • Download your services signing request

Apple:

  • Upload your signing request
  • Download their response

Your service:

  • Upload the signed response

At this point, everything should be set

Michael Kenworthy
  • 313
  • 2
  • 9
2

Answer 1: This requires to create new certificate from provisioning portal. It is possible to have more than 1 certificates on provisioning portal for one bundle identifier.

Answer 2: No, its not required to resubmit app on AppStore.

Hitesh
  • 61
  • 3
  • 7