I had to reset my computer and have lost the private key for our developer certificates and the distribution certificates. I'm nervous to just revoke those and start over new, but I need to update an existing and published app. I have found info for compromised private keys and for expiring certificates, but nothing for this exactly.
Will the update be accepted as an update even though it's signed with different certificates than the previous versions of the app?
I'm nervous to just revoke those and start over new,
Yes, revoking your Distribution Signing Certificate could disrupt existing Provisioning Profiles and services that rely on this certificate. Note the message when trying to revoke a certificate:
" Revoking this certificate will invalidate it and any related services or provisioning profiles that use this certificate may be affected."
Instead, what you can do is create a new CSR and create a new Distribution Signing Identity on your machine. When I refer to a signing identity here I am referring to the private key that is generated when you create a CSR from the Keychain and the Distribution Certificate that is issued from the Developer Portal and downloaded to your Keychain. From there you should be able to create a new provisioning profile with your new Signing Identity to update your app. My recommendation would be to push your update through TestFlight first to make sure you've recreated your profile 1:1 like your old one and have a chance to iron anything you need to out before it hits production.
Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
If you believe your private keys have been compromised, they should be revoked. see https://developer.apple.com/support/certificates/
Generating new Development and App Store distributions certificates should not pose any risk. However, if your distribution cert is an Enterprise or Developer ID type, any current app that has been distributed to Users will stop working.
"Will the update be accepted as an update even though it's signed with different certificates than the previous versions of the app?" Yes, you can ship an update with a different certificate.
