How to sign apk update with the new upload certificate I got from Google?

Hi there.

I released an app to Google Play with expo build:android.
Google Play App Signing is enabled for my app.
So far so good.
Then I replaced my icon, created a new bundle with expo build:android and tried to upload it to Google Play. I got this error message on Google Play console: “Upload failed: You uploaded an APK that is not signed with the upload certificate. You must use the same certificate.”

I contacted Google and followed their process for creating a new upload certificate:

  1. keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks
  2. keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks
  3. Send the resulting upload_certificate.pem file back to Google by email.
    Google confirmed the new upload certificate is now in effect (two days later).

What should I do next to update Expo with the new upload certificate?

Simply running expo build:android ends with an error message on turtle:
com.android.ide.common.signing.KeytoolException: Failed to read key XXX from store “/tmp/turtle/keystore-XXX.jks”: Invalid keystore format

Thank you.

p.s., here’s my expo diagnostics:

Expo CLI 3.11.1 environment info:
  System:
    OS: Linux 4.4 Ubuntu 18.04.2 LTS (Bionic Beaver)
    Shell: 4.4.19 - /bin/bash
  Binaries:
    Node: 10.15.3 - ~/.nvm/versions/node/v10.15.3/bin/node
    npm: 6.12.0 - ~/.nvm/versions/node/v10.15.3/bin/npm
  npmPackages:
    expo: ^35.0.0 => 35.0.1
    react: 16.8.3 => 16.8.3
    react-native: https://github.com/expo/react-native/archive/sdk-35.0.0.tar.gz => 0.59.8
    react-navigation: ^3.12.0 => 3.13.0
  npmGlobalPackages:
    expo-cli: 3.11.1

On some systems, the keytool command generates a keystore in pkcs format instead of jks.
You can convert one format to the other with:

keytool -importkeystore -srckeystore [MY_FILE.p12] -srcstoretype pkcs12 \
 -srcalias [ALIAS_SRC] -destkeystore [MY_KEYSTORE.jks] \
 -deststoretype jks -deststorepass [PASSWORD_JKS] -destkeypass [PASSWORD_KEY] -destalias [ALIAS_DEST]

where MY_FILE.p12 is your current keystore (you named it .jks, but it’s a .p12 file).
After that, run expo build:android -c, select the option to pass credentials manually, and specify the new keystore file, alias, keystore password and alias password (note that a pkcs keystore does not have an alias password).
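
A way to confirm the mismatch described in this answer before starting a build, added here as an example and not part of the original thread: the script reads the file's first bytes and reports the real format regardless of the extension. The function names are hypothetical, the sample headers are constructed, and treating a leading 0x30 (DER SEQUENCE tag) as PKCS12 is a heuristic.

```shell
#!/bin/sh
# Added example (not from the thread): report a keystore's real on-disk format.

# Print JKS, JCEKS, PKCS12 or unknown for the file named in $1.
keystore_format() {
    [ -r "$1" ] || { echo "unreadable"; return 0; }
    # First four bytes as contiguous lowercase hex.
    ks_magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$ks_magic" in
        feedfeed) echo "JKS" ;;      # JKS magic number 0xFEEDFEED
        cececece) echo "JCEKS" ;;    # JCEKS magic number 0xCECECECE
        30*)      echo "PKCS12" ;;   # DER SEQUENCE tag: heuristic for PKCS#12
        *)        echo "unknown" ;;
    esac
}

# Succeed only if the file is JKS, whatever its extension claims.
require_jks() {
    ks_fmt=$(keystore_format "$1")
    [ "$ks_fmt" = "JKS" ] && return 0
    echo "$1: detected $ks_fmt, not JKS; convert it with keytool -importkeystore first" >&2
    return 1
}

# Demo on constructed header bytes (not real keystores).
demo() {
    ks_dir=$(mktemp -d)
    printf '\376\355\376\355\000\000\000\002' > "$ks_dir/real.jks"     # JKS header
    printf '\060\202\012\000\002\001\003'     > "$ks_dir/renamed.jks"  # DER header
    for ks_f in "$ks_dir/real.jks" "$ks_dir/renamed.jks"; do
        echo "${ks_f##*/}: $(keystore_format "$ks_f")"
    done
    rm -rf "$ks_dir"
}

# With a path argument, check that file; with none, run the demo.
if [ $# -gt 0 ]; then require_jks "$1"; else demo; fi
```

Run it with the keystore path as the only argument; a non-zero exit status means the file is not JKS.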

@wkozyra - it worked! thanks so much!
Happy new year everyone!