Notarization Always Fails, Now Stuck at Max Certificates, Can't Delete

Every recent attempt to create an Installer certificate has failed, and now we've hit the maximum. We can't revoke them either — the portal only shows "Download," not "Revoke." Xcode also fails with:

"Signing Certificates Error: There is a problem with the request entity. You already have a current Developer certificate or pending certificate request."

This is completely blocking notarization and distribution of our macOS app. Has anyone resolved this, or does it require Apple to intervene on the backend?

(This is a relatively new issue; we have successfully done this in the past hundreds of times over the years.)

Answered by DTS Engineer in 877498022
Every recent attempt to create an Installer certificate has failed

Clearly it hasn’t failed completely, in that you’ve hit the limit so you must’ve actually created the certificates. So, it’s not a failure to create the certificates, but rather that something has gone wrong after you’ve created them. It’s hard to say what that is without more info.

In general, Developer ID signing identities are precious and you have to manage them carefully. I have a lot to say about this in The Care and Feeding of Developer ID.

As explained in that post, the best way to resolve this is to recover the private key associated with your existing certificates and thus recover your ability to sign your installer. The post has a lot of suggestions for how you might do this.

Once you’re able to form a signing identity by pairing up the private key and its certificate, if you’re still having problems signing then post back here with the details and I should be able to set you on the right path.

does it require Apple to intervene on the backend?

The above-mentioned post explains your option for that, but it’s not a path you want to head down until you’ve exhausted all your other options.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thank you for the response.

but rather that something has gone wrong >>after you’ve created them

Yes, the problem is after the create which is out of my control, but now I'm stuck...

  1. Xcode always gives an error when managing my account certificates. This is under Signing certificates for "My Name":

Clicking the "+" sign gives the error "There is a problem with the request entity. You already have a Development certificate or a pending request."

  2. Xcode always gives an error when managing my Team Developer ID Installer Certificate. Under Accounts, highlighting my email, clicking Manage Certificates > Developer ID Installer gives that same error as above.

  3. Logging into my Apple Developer account, I am unable to revoke existing Developer ID Installer Certificates.

I am unable to revoke existing Developer ID Installer Certificates.

Right. Revoking a Developer ID certificate is a big deal because it stops existing products from running. You should only do that if the key is compromised. Quoting The Care and Feeding of Developer ID:

If you believe that your private key has been compromised, follow the instructions in the Compromised Certificates section of Developer > Support > Certificates.

I don’t believe that’s the case here. So you have two choices. The one I recommend is that you manually recover the private key associated with one or more of your Developer ID certificates, which will give you a signing identity that you can use to sign your software. The Care and Feeding of Developer ID explains various strategies for this.

And once you do that, intentionally back up the signing identity so that you don’t run into this problem again in the future. The Care and Feeding of Developer ID explains how to do that.

The other approach is to seek formal help. Quoting The Care and Feeding of Developer ID again:

If you’re absolutely sure that your previous private key is lost, use the Developer website to create a replacement signing identity.

If the Developer website won’t let you create any more because you’ve hit the limit discussed above, talk to Developer Programs Support. Go to Apple > Developer > Contact Us and follow the path Development and Technical > Certificates, Identifiers, and Provisioning Profiles.

However, note the first sentence there. This path only makes sense if you’re absolutely sure that your previous private keys are lost. Things will be a lot easier if you’re able to recover the private key yourself.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
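
An added example, not part of the thread or of Apple's documentation: a shell sketch for checking which Developer ID Installer certificates still pair with a private key on a given Mac, which is what makes them usable signing identities. It parses the output of `security find-identity -v`; the function names, the sample output, the team ID and the fingerprints are constructed placeholders.

```shell
#!/bin/sh
# Added example. A certificate appears in `security find-identity` output
# only when its private key is in a keychain, i.e. it is a signing identity.

# Read `security find-identity -v` output on stdin and print
# "SHA1 name" for every Developer ID Installer identity found.
installer_identities() {
    sed -n 's/^ *[0-9][0-9]*) \([0-9A-F]\{40\}\) "\(Developer ID Installer: .*\)"$/\1 \2/p'
}

# orphaned_certs IDS_FILE FINGERPRINT...
# Print each certificate SHA-1 fingerprint that has no identity in IDS_FILE
# (the saved output of installer_identities). A fingerprint can be read
# from a downloaded .cer with:
#   openssl x509 -inform DER -in cert.cer -noout -fingerprint -sha1
orphaned_certs() {
    ids_file=$1; shift
    for fp in "$@"; do
        # Normalise "aa:bb:..." to the upper-case form `security` prints.
        fp=$(printf '%s' "$fp" | tr -d ': ' | tr 'a-f' 'A-F')
        grep -q "^$fp " "$ids_file" || printf '%s\n' "$fp"
    done
}

# Constructed sample of `security find-identity -v` output (placeholders).
sample_output() {
    app_fp=$(printf '%040d' 0 | tr 0 A)
    pkg_fp=$(printf '%040d' 0 | tr 0 B)
    cat <<EOF
  1) $app_fp "Developer ID Application: Example Corp (TEAMID0000)"
  2) $pkg_fp "Developer ID Installer: Example Corp (TEAMID0000)"
     2 valid identities found
EOF
}

# On a Mac, list the real installer identities; elsewhere this is skipped.
if command -v security >/dev/null 2>&1; then
    security find-identity -v | installer_identities
fi
```

Run it on each Mac and backup that might hold the key; a fingerprint reported by `orphaned_certs` on every machine is a certificate whose private key has not been found yet.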
