google play upload key

 Expo CLI 4.0.17 environment info:
    System:
      OS: macOS 11.2.3
      Shell: 5.8 - /bin/zsh
    Binaries:
      Node: 14.16.0 - ~/.nvm/versions/node/v14.16.0/bin/node
      Yarn: 1.22.10 - /usr/local/bin/yarn
      npm: 6.14.11 - ~/.nvm/versions/node/v14.16.0/bin/npm
      Watchman: 4.9.0 - /usr/local/bin/watchman
    SDKs:
      iOS SDK:
        Platforms: iOS 14.4, DriverKit 20.2, macOS 11.1, tvOS 14.3, watchOS 7.2
      Android SDK:
        API Levels: 23, 26, 27, 28, 29
        Build Tools: 23.0.1, 23.0.2, 26.0.1, 26.0.2, 26.0.3, 27.0.3, 28.0.0, 28.0.3, 30.0.1
        System Images: android-23 | Google APIs Intel x86 Atom_64, android-27 | Google APIs Intel x86 Atom, android-30 | Google APIs Intel x86 Atom
    IDEs:
      Android Studio: 4.0 AI-193.6911.18.40.6626763
      Xcode: 12.4/12D4e - /usr/bin/xcodebuild
    npmPackages:
      expo: ^40.0.0 => 40.0.1 
      react: 16.13.1 => 16.13.1 
      react-dom: 16.13.1 => 16.13.1 
      react-native: https://github.com/expo/react-native/archive/sdk-40.0.1.tar.gz => 0.63.2 
    npmGlobalPackages:
      expo-cli: 4.0.17
    Expo Workflow: managed

Hello, sorry for a probable repeated question but I can’t seem to grasp what is the right approach here.

I have a few apks uploaded in google play, created with older expo sdk versions.

A lot of time has passed since my last update, but now I’m trying to upload a new version of my app, after bumping my dependencies to use expo sdk 40.

When trying to upload my new apk, google play console complains about the mismatch of certificates with the following message:

You have sent an APK not signed with the upload certificate. You must use the same certificate. The upload certificate has the fingerprint: XXX

After contacting google and following their instructions to generate a new key and send them the upload certificate

you can use the following command line to generate a new key:

keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks >(*This key must be a 2048 bit RSA key and have 25-year validity.)

Export the certificate for that key to PEM format:

keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks

They have enabled the new upload key for the app.

I would like expo to use this key to sign the app now, as the previous one apparently doesn’t work anymore. Is that possible? I rather expo keeps signing the apps for me.

I understand a possibility is to clear credentials but I don’t fully understand if that means I will have to sign the apks myself out of the build process of expo.

Thanks for the help in advance.

expo build:android --clear-credentials

When you clear credentials you will need to setup new ones, there will be two options, allow expo to handle it or provide them manually. You need to select that second option and provide those values you generated. You will need to that only for the first build.

keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks >(*This key must be a 2048 bit RSA key and have 25-year validity.)

There is -storetype JKS missing in this command so it’s likely (depending on version of your keytool) that you generated p12 file instead (p12 has one password and jks has 2, one for entire keystore and one for specific alias), so if you have only one password try passing it for both password values in expo-cli. If it won’t work you can always convert p12 file to jks.

When trying to upload my new apk, google play console complains about the mismatch of certificates with the following message:

Sth like this can happen if you e.g. change slug, add owner field, or you (or someone from your team) run build with clear credentials command.

Apparently it worked! Thank you very much for your fast and precise response!

This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.