Installation & OTA updates to app with expired certificates?

:hourglass: Time Sensitive :hourglass_flowing_sand:

For the past two years I’ve managed an Enterprise In House distributed app where I let Expo handle all of the certificate tasks for me. I no longer have access to my client’s Apple Developer Portal and I accidentally cleared the saved credentials when I ran expo build:ios --clear-push-cert --release-channel v4.1.0 when I received the notification to switch from using a Push Notification Certificate to a Push Notification Key. To make matters worse, the certificates are expiring in the next 2 weeks and the app goes live in a few days :man_facepalming:t5:.

Questions:

  1. Are these certs used at build time, install time, and/or runtime? (Distribution Certificate, Push Notification Key, Provisioning Profile)
  2. If I let the certificates expire:
    • Can I still publish OTA updates (expo publish)?
    • Can iOS users still install the app I built last year which contains the expired certificates?

Eeek please help, the new app needs to be live in a few days!
Thanks!
~JR

Please run expo diagnostics and paste the log that’s printed out along with your question or issue!

Expo CLI 3.1.0 environment info:
System:
OS: macOS 10.15.2
Shell: 5.0.11 - /usr/local/bin/bash
Binaries:
Node: 8.11.1 - /usr/local/bin/node
Yarn: 1.17.3 - ~/.yarn/bin/yarn
npm: 6.13.6 - /usr/local/bin/npm
Watchman: 4.9.0 - /usr/local/bin/watchman
IDEs:
Android Studio: 2.3 AI-162.4069837
Xcode: 11.0/11A420a - /usr/bin/xcodebuild
npmPackages:
expo: ^35.0.0 => 35.0.1
react: 16.8.3 => 16.8.3
react-native: https://github.com/expo/react-native/archive/sdk-35.0.0.tar.gz => 0.59.8
react-navigation: ^3.11.1 => 3.13.0
npmGlobalPackages:
expo-cli: 3.11.7

Edit: My response does not apply to Enterprise apps. If an enterprise app’s distribution cert or provisioning profile is revoked on the Apple Developer portal (or it expires), the app will stop working.

Hi! All in all, you’re pretty safe, although I’m not sure how easy it will be to deploy new binaries without access to the Apple Developer Portal, but that’s another issue.

  1. Are these certs used at build time, install time, and/or runtime? (Distribution Certificate, Push Notification Key, Provisioning Profile)

Distribution cert and provisioning profile are used at build-time, so these can be revoked/expire and have no impact on your in-production apps. The APN key is used at runtime, so if this is revoked then your current users will stop receiving push notifications.

  2. If I let the certificates expire:
  • Can I still publish OTA updates ( expo publish )?
  • Can iOS users still install the app I built last year which contains the expired certificates?

Yep, you can still publish OTA updates to existing applications. The only time you’ll need to renew your certs is when you expo build:ios again (besides the push notification key, see above).
And yes, your currently-available app can still be installed even though it’s associated with the old certs.


Awesome, thanks for the update @charliecruzan!
I just want to confirm that your answer still holds true for Enterprise Distributions where the users are downloading the app over https from my web server (and not from the Apple App Store).

Hi, for enterprise it’s not exactly correct.
If you just removed the distribution certificate or provisioning profile from Expo servers it won’t affect anything, but if it’s revoked on the Apple Developer Portal or it’s expired, apps will stop working.
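
Since an expired in-house profile stops the installed app, it helps to read the expiry date out of the profile shipped in the build (`embedded.mobileprovision` inside the .ipa) before go-live. The following is an added example, not part of the thread or Expo's tooling: the function names and the sample profile are constructed for illustration, and it assumes the plist payload sits contiguously inside the signed container and does not verify the signature.

```python
import plistlib
from datetime import datetime, timedelta

def extract_profile_plist(blob: bytes) -> dict:
    """Pull the XML plist out of a .mobileprovision blob.

    The file is a CMS-signed container; this scans for the plist text and
    does NOT verify the signature (assumption: payload stored contiguously).
    """
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", start)
    if start == -1 or end == -1:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def profile_status(blob: bytes, now: datetime, warn_days: int = 30) -> dict:
    """Classify a profile as OK / EXPIRING / EXPIRED relative to `now` (naive UTC)."""
    plist = extract_profile_plist(blob)
    expires = plist["ExpirationDate"]  # plistlib returns a naive UTC datetime
    remaining = expires - now
    if remaining <= timedelta(0):
        state = "EXPIRED"
    elif remaining <= timedelta(days=warn_days):
        state = "EXPIRING"
    else:
        state = "OK"
    return {
        "name": plist.get("Name"),
        # In-house (enterprise) profiles carry ProvisionsAllDevices = true.
        "in_house": bool(plist.get("ProvisionsAllDevices", False)),
        "expires": expires,
        "days_left": remaining.days,
        "state": state,
    }

# Constructed sample: filler bytes standing in for the CMS wrapper around a plist.
SAMPLE_PROFILE = (
    b"\x30\x82\x04\x00"
    + plistlib.dumps({
        "Name": "Example In-House Profile",
        "ProvisionsAllDevices": True,
        "ExpirationDate": datetime(2020, 2, 14, 12, 0, 0),
    })
    + b"\x00\x00"
)

if __name__ == "__main__":
    print(profile_status(SAMPLE_PROFILE, now=datetime(2020, 2, 1, 12, 0, 0)))
```

The signing certificates listed under the profile's `DeveloperCertificates` key have their own expiry dates, which this check does not parse.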

Yikes :scream:, thanks for the heads up, I’m glad I followed up!
Tonight I’m going to work with the Admin team that has access to the developer account, and we’ll get all of these certs recreated.

Sorry about that @allanleonardjr! I didn’t know there were differences in certificate management for enterprise apps, I’ve edited my response

No worries!
Thanks for all of the responses.
