Code-sign fails after upgrading Archive Plugin

Bitrise Build Issue Report template

Description of the issue

Previously were using the automatic code-signing plugin. (I forget the exact name).

A few days ago received message that this plugin was deprecated in favor of the upgraded Archive step.

I upgraded the Archive Plugin and added the code-sign option. The first build seemed to go OK.

However, subsequent builds fail with:

:x: error: Revoke certificate: Your account already has an Apple Development signing certificate for this machine, but its private key is not installed in your keychain. Xcode can create a new one after revoking your existing certificate.

Revoking the cert as advised fixes the issue, but only once. It comes back on the next build. Seems as though private key part of the cert needs to be stored securely somewhere, then installed in the keychain at the start of the next build, but this isn’t happening.


Where did the issue happen? using: xcode-archive@4.2

Which build Step causes the issue and which version of the step?



  • Does a “Rebuild” help? (You can trigger a rebuild from the Build’s page, by clicking the “Rebuild” button in the top right corner of a finished build) : YES/NO

YES a rebuild helps, if the cert is revoked, but only effective once. We can’t revoke the cert prior to every build.

Not unless cert revoked.

  • Does the issue happen sporadically, or every time? :

Every time until cert revoked, then success once.

  • Does upgrading the build Step to the latest version help? : YES/NO

Its on the latest version.

  • When did the issue start? :

As soon as the deprecated code sign plugin was removed, as advised by the deprecation message, and upgrade Xcode-archive was used.

Local reproduction

Can it be reproduced on your own Mac/PC by following our local debug guide? Please follow at least the first section (“Testing with a full clean git clone”) to make sure to test the state of the code what will get when it does a git clone in the clean environment! If possible please note which sections you tried.

I have not tried this as we pay for a bitrise service that we expect to work.

Local reproduction: Linux / Android (docker based) stack builds

Can it be reproduced by running the build locally, after doing a new git clone of the repository into the /tmp directory and running the build from there with the Bitrise CLI ( Bitrise CLI )? If no, can it be reproduced with Docker (using the same docker images / environment we use on Related guide: .

Build log

Please copy paste the build’s URL here (or if the issue happens somewhere else then the full logs), or if you can’t share the url / log here then send the url or full log through a private channel (e.g. email - Contact us ), with a link to the related Discuss issue.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Hello @jasperblues :wave:

One solution here could be to upload this development certificate to Bitrise, as the code signing process could locate it and/or generate the right profiles based on this. Xcode recognizes the existence of this profile/cert online, but since they aren’t installed, it throws the error message about your account already having that certificate.

Alternatively, you could detach this identity from the project, as it is possible that this certificate is directly assigned to the project (in the Signing and Capabilities section), which is why the project insists on using this developer identity.

Hope this helps! :slight_smile: