Live app store app push tokens being rejected by production APNS

Question

I have an iOS app in the store which is using the product APNS environment (confirmed in iTunes connect binary details), these apps are being provided with push tokens, so I have to assume everything is configured in the app correctly, else they'd receive the "no valid 'aps-environment' entitlement string" error.

I am using Amazon SNS to send the push notifications, which for other apps has been working perfectly, but for this particular app all notifications are being returned with "Platform token associated with the endpoint is not valid".

I've tried to resolve this problem by reissuing the certificate which SNS uses to connect to APNS, confirming it is for the production environment - same issue.

I've tried deleting the app, reissuing an Ad Hoc certificate (which is in the production environment) and reinstalling it on my phone (removing all developer certificates with the same app ID) - I get the same push token, with the same rejection issue.

This is happening to ALL users, including those who have never had a sandbox version of any app installed, so the tokens can't be from the sandbox environment. I don't understand why a token issues to an app store app could be rejected by production APNS?

Answer 1

Ok I finally found the problem. I was setting up a few apps at the same time, so for ease I reused the certificate signing request when creating the APNS certificates for SNS. Apple and SNS didn't show any indication that there was an error with the certificates so I assumed they were fine, but all but the first one were invalid.

As the SNS error said the token was invalid I didn't think there was any issue with the certificate, but after regenerating them all with new CSRs, every thing started working fine.

The moral of the story:

Certificate Signing Requests can only be used once, reusing them won't cause any errors, but will generate invalid APNS certificates.