wrong certificate in Google Console when i build with turtle

i use expo build for google play console - and expo build normal version with certificates for GP console
expo build:android --clear-credentials
then i got upload.pem:
expo fetch:android:upload-cert
then i got output.zip :
java -jar pepk.jar --keystore=KEYSTORE.jks --alias=KEYSTORE_ALIAS --output=output.zip --encryptionkey=eb10fe8f7c7c9df715022017b00c6471f8ba8170b13049a11e6c09ffe3056a104a3bbe4ac5a955f4ba4fe93fc8cef27558a3eb9d2a529a2092761fb833b656cd48b9de6a --include-cert

then i upload output.zip and upload.pem to GP console and after that i can upload APK/BUNDLE in GP Console…

but when i try build with turtle like:

turtle build:android -t app-bundle -c app.json --keystore-path KEYSTORE.jks --keystore-alias KEYSTORE_ALIAS

and try upload apk/bundle to GP Console - it’s error because wrong certificate

what i need to do?


Just to make sure, you passed the old keystore to java -jar pepk.jar and the new one to turtle build:android?
Was this new app in play store or did you want to migrate the old app to use google play app signing?
You can check if fingerprint in google play console match output of expo fetch:android:hashes.

no, expo build:android --clear-credentials generate new keystore, after that i got new build from EXPO, after that i got upload.pem, after that i use java -jar pepk.jar and upload output.zip with upload.pem to Google Console, after that i upload generated by EXPO build to GP console and it’s uploaded ok

but if i try build with turtle - its show error certificate

expo fetch:android:hashes show me right certificate and it match with GP Console fingerprint


expo fetch:android:hashes matches app signing certificate or upload certificate(it should match upload certificate)?

expo fetch:android:hashes matches upload certificate.

maybe i need somehow use upload.pem with turtle ?

I’m posting this question third time can you answer? It’s important.

Make sure that keystore you are using in turtle build and keystore on expo server are the same
(expo fetch:android:keystore)

Also you explanation does not seem correct upload.pem and output.zip should not be extracted from the same keystore

  • pem file is public key used by google to verify the upload
  • output.zip contains a public and private key that is used to sign an actual app in store

You should use keystore that was used to generate pem file to sign your apps both with turtle and expo build:android

i use old app to use google play app signing first time

when i run first step : expo build:android --clear-credentials , new keystore named KEYSTORE.jks was saved to my project
i think its equal with expo fetch:android:keystore or not?
after first step i use only this KEYSTORE.jks for generate output.zip and run with turtle after upload output.zip and upload.pem to GP console

when you run clear credentials old keystore is backed up in you working directory
fetch keystore from expo servers and use it to build in turtle

1 Like

hm…ok, but if i use old keystore for turtle, then i use same old keystore for generate output.zip ?
and upload.pem is got from new keystore?
why then output.zip , upload.pem and expo build uploaded well in GP Console?

output.zip was supposed to be generated from the old keystore
upload.pem was generated by expo from new keystore (not from the one you had locally)
and expo build:android is using keystore from the server(correct one)

but why, if i upload to GPC wrong output.zip, correct build is uploaded well?
or GPC look only upload.pem when i upload expo build?

You uploaded correct output.zip, if you would run pepk tool on new keystore google play would not accept that

i confused ))
if output.zip is correct, then keystore that i have from expo build:android --clear-credentials is correct too, because i generate output.zip from that keystore …

so… after fetch:android:keystore it work well!
thank you!

1 Like

This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.