Your Android App Bundle is signed with the wrong key

Help: Expo Client
#1

I’ve just built an aab bundle from expo, and I’m receiving this error when uploading the aab bundle onto the play store:

Your Android App Bundle is signed with the wrong key. Ensure that your App Bundle is signed with the correct signing key and try again: —MY SHA KEY HERE—

I checked my current sha key by executing this command:

expo fetch:android:hashes --config ./app.json

and the output in Google Certificate Fingerprint: matches the key mentioned in play console.

What is wrong here?

One thing to note here is, I just updated my expo version from v37 to v40 in an incremental manner.

#2

@kellypacker can you have a look at this?

#3

you maybe renamed your app slug or built it with a different username between when you last submitted the app and now. keystores are assigned to a specific username/slug combination.

#4

No, none of this happened…

The only difference I remember is that I have set EXPO_DEBUG to true… Nothing apart from that…

#5

well, something happened to change the keystore that your app is using! i was just suggesting the most common things. another possibility is someone ran expo build:android -c or expo build:android --clear-credentials or ran expo credentials and removed the keystore.

if it’s not one of those things, then the only remaining possibilities would be that google changed the upload keystore (highly unlikely) or on expo servers we changed your keystore without you requesting it (no known instances of this occurring, highly unlikely).

you can verify that you used the same username and slug by finding your most recent build you submitted to the store on expo.io and verifying that the username and slug is what you expect.

if that doesn’t yield any useful results for you, then you can ask google play to reset your upload keystore - android - Lost keystore file for app (but have Google Play App Signing enabled) - Stack Overflow

#6

I tried what the Google support team suggested, and share the pem file with them.

I have one doubt, will I have to update the credentials on Expo?

Also, is it necessary to create a new key, or generating the upload pem file from the old keystore will work?

Commands I ran were:

  1. Generate new keystore: keytool -genkeypair -alias some-alias-here -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks

  2. Generate the PEM file: keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks

If, it is necessary to update the keystore on Expo, I did that too, but received the following error: Error: Invalid JKS Keystore: Invalid keystore format

#7

I have resolved the problem.
My approach: Download the upload certificate from expo servers, and share the same with the Google Support, requesting them to update with the new PEM file.