Skip to main content

Resolving iOS Code Signing Failures due to WWDR Intermediate Certificate Expiration

Code Signing with WWDR Intermediate Certificate

NOTE: Some users are experiencing a Could not install WWDR certificate error when using Fastlane 2.211.0. The issue can be tracked on Fastlane's GitHub issue. We recommend reverting to the last-known-good Fastlane version that worked for you until we have more information.

Signing for iOS apps may start failing from 2 September 2020 due to code-signing requiring the new, updated WWDR Intermediate Certificate. Many of the Xcode images that CircleCI provides were created before the new certificate was issued and as such require the certificate to be installed during the job. More information about the WWDR Intermediate Certificate expiration can be found on Apple's developer support website

In most cases, Fastlane and Xcode will install this new certificate automatically. Please ensure you are running the latest version of Fastlane in your job by installing any updates via your Gemfile with Bundler.

macOS Image and Fastlane Compatibility

If you are experiencing intermittent code signing failures with newer Fastlane versions (2.220+), particularly showing "self-signed root" errors:

Certain combinations of older macOS runner images and newer Fastlane versions can cause intermittent signing failures, even when certificates appear valid. Common symptoms include:

  • Certificates showing as "valid" but "untrusted" in the security keychain

  • Builds succeeding intermittently or only after manual SSH debugging

  • xcodebuild failing with self-signed root errors despite proper certificate installation

  • Issues worsening after resource class changes

Recommended solution

Upgrade to the latest macOS runner image before attempting other troubleshooting steps. For example, if using Xcode 16.x with Fastlane 2.220+, ensure you're on macOS image version 26.2.0 or later. This has resolved intermittent signing issues for customers without requiring changes to certificate installation procedures.

To update your macOS image, modify your .circleci/config.yml:

macos:
  xcode: "16.4.0"  # Use the latest available version

Check our Xcode image documentation for the most current image versions.

Additional Manual Certificate Installation

If you face issues after updating both Fastlane and your macOS image, you can add the certificate manually by adding the following commands to your job config:

- run: curl https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer -o AppleWWDRCAG3.cer
- run: sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain AppleWWDRCAG3.cer

NOTE: The above workaround is only applicable to Xcode 12.4 images and lower.

When to Contact Support

If you are still experiencing code signing issues after:

  1. Updating to the latest macOS runner image

  2. Ensuring you're using a compatible Fastlane version

  3. Attempting manual certificate installation (if applicable)

Please submit a support ticket linking us to the relevant builds for investigation.

Related Articles
Using rbenv on macOS Xcode Images
Resolving Test Splitting Issues on macOS Xcode
Resolving "Resource Class Not Available" Error for Xcode
How to save iOS troubleshooting and logs
Resolving failed to start cmd: fork/exec /bin/bash: bad file descriptor Failures on Self-Hosted Container Runners
Did this answer your question?