App signing certificates issue when we upload app into play store

Hello there,

I am heaving trouble into upload apk into play store, since I lost the certificates.

It’s saying certificate fingerprint issue.

What I did

  • expo build:android --clear-credentials , I created .jks file from this.
  • Now I created .pem file(upload certificates) from this expo fetch:android:upload-cert
  • I gave this to google to upload this certificates, since my app was enable for the App Signing. Google uploaded successfully and then ask us to upload the app with the same certificated.

I created the APK again from “expo build:android --clear-credentials”, I choose the option 2 “select my own certificates”.
I set all the details

  1. Certificate path
  2. Key alias:
  3. Key password
  4. Keystore password

And yeah I got the App on Expo account into build section.
I download the app and upload into the App release , It’s the same issue that upload faild with reason “You uploaded an APK that is not signed with the upload certificate. You must use the same certificate. The upload certificate has fingerprint:”

I was wondering that where I did wrong , I am doing first time with Expo, I created many app into react native and upload it.
But from Expo doing first time, so I follow the right steps for that, again Play store denied my APK.
They also gave some command in the approval process to map .pem file.
keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks

But I did from the expo fetch:android:upload-cert

Please please let me know I am stuck into this.
Thank you :slight_smile:

Check hashes in “App signing” tab in app store and compare them with output of expo fetch:android:hashes. If you have keystore somwhere locally check it using keytool
keytool -list -v -keystore path_to_keystore -alias key_alias

After those 3 steps you listed your app should build with correct credentials, but if I read you correctly you ran clear credntials after that again?
How did you get that keystore you used when specifying credentials manually? if you used fetch:android:keystore specify after which step you did that?

Thank you for the reply,
I have only one JKS now.
And I compare that SHA-1 certificate fingerprint, this is not the same as what we have it on “App signing” tab in Play Store.

I didn’t did this one because I have already the password and .jks when I run this expo build:android --clear-credentials

I keep all this into another folder and doing all the time
expo build:android --clear-credentials
then 2) I want to upload my own keystore!
I gave the path and enter all detail into the CLI

Is this the mistake I did , I should run after **expo build:android ** only , this will signed with the same certificates I used for.

This expo build:android --clear-credentials will clear the details from expo server as well ?

So since I have only 1 .jks for now, I think this will not work.
I need to generate it again and and create new .pem file and send again to Google to update the key.
Is it or somthing in EXPO can handle this.
Thank you :slight_smile:

OUR Certificate Fingerprint: F3:B7:6A:00:92:01:58:86:46:83:9B:06:A6:C1:CA:ED:EA:11:A1:96

Google Upload Certificate : SHA1: 47:56:69:C4:A1:D0:54:C2:F9:E9:8C:D3:97:AE:19:4F:06:BB:26:F3

I am waiting on your response .

I asked you to compare 3 hashes, based on you answer I don’t understand what you checked

  • App signing tab in google play console
  • expo fetch:android:hashes
  • keytool -list -v -keystore path_to_keystore -alias key_alias

Where did you got that keystore?

You clear credentials each time you run build?

Those steps were correct, but I assume that you used wrong keystore after that.

Step - I => App signing tab in google play console

MD5 certificate fingerprint 
MD5: 46:D9:3C:71:B5:6E:F2:87:CF:21:FE:67:86:BE:07:9E

SHA-1 certificate fingerprint 
SHA1: 47:56:69:C4:A1:D0:54:C2:F9:E9:8C:D3:97:AE:19:4F:06:BB:26:F3

Step 2 => expo fetch:android:hashes

Google Certificate Fingerprint:     F3:B7:6A:00:92:01:58:86:46:83:9B:06:A6:C1:CA:ED:EA:11:A1:96
Google Certificate Hash (SHA-1):    F3B76A009201588646839B06A6C1CAEDEA11A196
Google Certificate Hash (SHA-256):  ED4FD5DF2B19585E02AA44B392F9835EE25BE3D531AEE3EEFE97DCB18050DAB7
Facebook Key Hash:                  87dqAJIBWIZGg5sGpsHK7eoRoZY=

Step 3 => keytool -list -v -keystore path_to_keystore -alias key_alias

Where did you got that keystore?
=> When I was did on 6 days before , It’s generated into the root folder

You clear credentials each time you run build?
=> Yes, but first when did that before 6 days, and then I did today.

App singing tab should have to certificates one for app singing and the other for upload, which one is that?

Run expo fetch:android:upload-cert and send pem file to goole once again.
Do not clear credentials.

Okay, I have done it.
I generated the .pem file and send it to google support.
So from next when I want to build an app from next version app, I’ll just use

expo build:android

Right ? Please let me know on this and other points I need to take care of this, so that this .jks will not replace from the root folder.

Thank you :slight_smile:

yes, use expo build:android

Your local files won’t affect what is used to build that app, I would recommend storing that somewhere outside the project directory, but you don’t have to.

I keep the files and all credential before all well into two other places, but I don’t know what happened.
I really take care of this time again, so make all the files and credentials separately
Actually I requested for the two app before and the same issue for the two apps.
I again apply into the google support for both two app now, I’l give the upload certificates .pem file which we generated from

expo fetch:android:upload-cert

Thank you for your support.
I’ll get back to you on this again when it works as soon as google approve this.

Hello @wkozyra

I got this from google , they suggesting the generate the .pem file from command, I think it’s the same what we did from expo fetch:android:upload-cert

Can you please suggest that the expo command is same as this what they suggest. We can our .pem file we did from above expo command ? Right ?

I am waiting on your response…

expo fetch:android:upload-cert is the same command what they suggested

Okay great , I responded with .pem.

Hello @wkozyra
App is live now, thank you :slight_smile:

Can you do me a favour, I want to do Android App Bundles in expo for my both app, so when I do this command expo build:android -t app-bundle
This will build an APK with Android App Bundles, I want to reduce size of the app, also play console suggest the same.

Can you let me know on this and also this will change the .jks again :slight_smile:

Thank you, I am waiting on your response.

APK with Android App Bundles

You can build either APK or Android App Bundle

Can you let me know on this and also this will change the .jks again :slight_smile:

You don’t need to change anything with credentials unless this is an old app (created before 2017)

Okay, so if we run this expo build:android -t app-bundle
This will generate new APK and reduce it’s size and the this will not clear the credentials we set.

I just wanted to reduce the size what warning suggest me and want generate the APK with expo.

Please let me know on this I miss anything.

This will generate new APK and reduce it’s size

No, this will create Android App Bundle not APK and when you upload it to play store it will be internally split into separate APK for every architecture

You will get .aab file that is a bit larger than apk, but actual download size will be smaller

Yes, I think this is I want, I’ll upload bundle then, this will download actual size will be smaller.
From now I’ll do expo build:android -t app-bundle
Thank you :slight_smile:

This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.