Hey there, I totally get how frustrating this is—you’ve double-checked the SHA-1s and they match, but Play Console still says your APK isn’t signed with the upload certificate. Let’s break down the most likely fixes step by step:

• Double-check you’re using the upload keystore, not the app signing keystore
  Google Play’s App Signing splits things into two keys: the upload key (you keep this, use it to sign APKs/AABs for upload) and the app signing key (Google stores this for final app signing). It’s easy to mix these up. Verify your APK’s SHA-1 with this command:
  keytool -printcert -jarfile your-app-release.apk
  Compare the output SHA-1 directly to the "Upload certificate" SHA-1 in Play Console (under App integrity > App signing).

• Confirm you’re using the correct key alias in your keystore
  If your keystore has multiple keys, you might have accidentally signed with the wrong alias. List all keys in your upload keystore to check:
  keytool -list -v -keystore your-upload-keystore.jks
  Make sure the alias you used for signing matches the one with the SHA-1 that matches Play Console.

• Verify your build.gradle signing configuration
  Check your module-level build.gradle (or build.gradle.kts) to ensure the release build is using the correct signing config. It should look something like this:

  android {
      signingConfigs {
          upload {
              storeFile file("your-upload-keystore.jks")
              storePassword "your-store-password"
              keyAlias "your-upload-alias"
              keyPassword "your-key-password"
          }
      }
      buildTypes {
          release {
              signingConfig signingConfigs.upload // This is critical—don’t use another config here
              // ... other release settings
          }
      }
  }
  

• Clean and rebuild your APK/AAB
  Cached build artifacts can sometimes cause old signatures to stick. Run ./gradlew clean (or use Android Studio’s Build > Clean Project) then rebuild your release package from scratch. If you’re signing manually, make sure you’re signing the newly built APK, not an old one.

• Check for automated signing overrides
  If you’re using CI/CD tools (like GitHub Actions, GitLab CI), ensure the pipeline is pulling the correct upload keystore and using the right credentials. Sometimes environment variables for passwords/aliases get misconfigured without you noticing.

• Rule out keystore corruption
  In rare cases, the keystore file might have been modified accidentally. Re-export the SHA-1 from your upload keystore to confirm it still matches Play Console:
  keytool -list -v -keystore your-upload-keystore.jks -alias your-upload-alias
  If this doesn’t match what’s in Play Console, you might need to reset your upload certificate (but that’s a last resort—only do this if you’re certain the keystore is lost/corrupted).

If none of these steps work, feel free to share more details about your build process (manual signing vs Android Studio auto-signing, CI/CD usage, etc.) and we can narrow it down further!

内容的提问来源于stack exchange，提问作者Mario Catillo