I believe this is the sequence of events:
- Accidentally hit "Create" button next to "iOS Distribution" in Preferences > Accounts > View Details... > Signing Identities
- Preexisting iOS Distribution certificate under Certificates > Production on the online Member Center got revoked, and a new one generated in its place. I'm assumingthat's what happened, because my old certificate is missing, and there is a new entry with an expiration date that's one year minus one day from now. Also, my Provisioning Profiles are all now invalid.
- Any internal testers who attempt to install from TestFlight are running into the "Developer's certificate is no longer valid" error. No app IDs have been changed, so it must be because of the certificate.
This is very puzzling, because according to the documentation, the Create Button should only exist if there's no preexisting certificate.
I've downloaded the new iOS Distribution certificate, and am comparing it to the old one. However, my old one still exists locally in my Keychain, and the green check mark with "This certificate is valid" appears in its entry. So this leads me to question- is the certificate really invalid? It's no longer in the Member Center, so why is it still considered valid?
Also, when I run validate on my previously-built archives under Window > Organizer, the Validation passes. Is that because Xcode is validating with the locally-saved copy of my old certificate, and not the newest one?
This is quite a mess because I never meant to revoke the iOS Distribution certificate. It would have been helpful if hitting the Create button (why did it appear in the first place?) creates a dialog prompt that explains that it would revoke any existing certificates, and that you would need to download the new one to your Keychain. And also now a new build needs to be uploaded to TestFlight, because test users can no longer install this version.
