Certificate changes

If a profile’s associated code signing certificate expires or becomes revoked, the profile must be edited and associated to a new certificate to move the status back to active. At that point the profile can again be used for code signing.

App ID changes

When an App ID changes (for example, a target capability was turned on or off in Xcode), the profiles associated to the App ID must be updated in order to reflect the proper entitlements that correspond to the newly enabled or disabled capability.

Xcode's team profiles are updated automatically to reflect those changes, however, all custom profiles that are tied to the App ID must be regenerated manually. To do that, you must edit the profile on the Certificates, Identifiers & Profiles website, and click the Generate button. Custom profiles include any development or distribution profiles your team has created manually through Certificates, Identifiers & Profiles.

App ID changes

A provisioning profile attaining Invalid status due to App ID changes does not affect any currently deployed apps that were signed with that profile. It's just an indication that the profile must be regenerated/updated to reflect changes in services and entitlements made to its associated App ID before it can again be used for code signing.

Certificate expiration or revocation

For standard developer program teams (those whose distribution method is the iOS App Store), expiration or revocation of a code signing certificate does not affect any apps that were signed with that certificate (this includes development builds, beta test builds, and live App Store apps). Its just an indication that the profile must be regenerated/updated to be associated with a new, valid certificate.