I'm also getting this when I run match, after it decrypts the certs repo and then goes to check the validity of the certs with Apple. Thought it was on my end!

This is currently failing for us too with cert

Me too!

Hello, everyone! We are looking into this 💪 👀

Awesome, thanks a lot

@joshdholtz that's great to hear :D

Login to https://itunesconnect.apple.com with your Apple ID; you should see this new privacy prompt:

Once you select "continue", this should resolve your issue.

@getaaron That resolved the issue for me for fastlane pem (I had to log out and login on iTunes to see this). Thanks!

Confirmed that this resolved my issue with match. (Note: you have to sign into itc, not into developer.apple.com , the latter doesn't present the privacy policy.)

Confirmed that this fixes the issue for me too!

Solved, but I had to change to another Apple ID because the one I was using wasn't eligible for iTunes connect (whut?) Thanks

@danivegamx Going to keep this open for now for visibility and until I make a code fix for a prettier error 🙃

_{Sent with GitHawk}

Hmm, the above fix didn't work for me 😭

@stevemoser Gotta ask this but did you accept it under all your iTunesConnect accounts that you use? 🙃

_{Sent with GitHawk}

Am I understanding this correctly? In order for this to work, the account we are using for match has to also be on iTC?

I use two accounts. One that has access to the developer account and one on iTC. The developer account does not have a privacy prompt.

@bencmorrison Hmmm, I’ve only been able to get that prompt on the iTunesConnect side but I will see what I can dig up when I get home in 30 minutes 💪

_{Sent with GitHawk}

What if you login on appleid.apple.com?

When I went to the iTunes Connect site, I was already logged in automatically. I had to sign out and sign back in to get the prompt.

Going to appleid.apple.com as @getaaron suggested also shows the same privacy step 💪

Thanks @getaaron

Thanks @getaaron, it appears to be working for me as well!

Also getting this for {"authType"=>"hsa"} -- the same solution worked (including this comment for Google-ability).

I went to itunes connect and try to login with our robot account.
Clicked Continue and got the below. But the account could then be used by fastlane again...

@nevil Try going to https://appleid.apple.com and trying this 😊

@mmarvick I have not seen hsa yet! Is this account configured any different? I have no idea how but just curious how hsa showed up 😇

@joshdholtz can we handle for authTypes non-sa and hsa2 the same way. As of now, we get below exception for 2fa account which haven't accepted privacy:

/usr/local/rvm/gems/ruby-2.4.2/gems/fastlane-2.96.0/spaceship/lib/spaceship/client.rb:478:in `send_shared_login_request': {"authType"=>"hsa2"} (Spaceship::Tunes::Error)
aa=<hidden>; Domain=idmsa.apple.com; Path=/; Secure; HttpOnly, dslang=US-EN; Domain=apple.com; Path=/; Secure; HttpOnly, site=USA; Domain=apple.com; Path=/; Secure; HttpOnly, acn01=<hidden>; Max-Age=31536000; Expires=Thu, 23-May-2019 05:17:34 GMT; Domain=apple.com; Path=/; Secure; HttpOnly
	from /usr/local/rvm/gems/ruby-2.4.2/gems/fastlane-2.96.0/spaceship/lib/spaceship/portal/portal_client.rb:27:in `send_login_request'
	from /usr/local/rvm/gems/ruby-2.4.2/gems/fastlane-2.96.0/spaceship/lib/spaceship/client.rb:662:in `do_login'
	from /usr/local/rvm/gems/ruby-2.4.2/gems/fastlane-2.96.0/spaceship/lib/spaceship/client.rb:363:in `login'
	from /usr/local/rvm/gems/ruby-2.4.2/gems/fastlane-2.96.0/spaceship/lib/spaceship/client.rb:71:in `login'
	from /usr/local/rvm/gems/ruby-2.4.2/gems/fastlane-2.96.0/spaceship/lib/spaceship/portal/spaceship.rb:25:in `login'
	from /usr/local/rvm/gems/ruby-2.4.2/gems/fastlane-2.96.0/spaceship/lib/spaceship/portal/spaceship.rb:98:in `login'
	from /tmp/a.rb:3:in `<main>'

@lalitb non-sa and hsa2 should be in 2.96.1 😊

👍 2.96.1 does indeed display a much friendlier error, however the recommended solution does not fix the problem for me. The privacy statement appears every time I login no matter how many times I accept it.

1. Login
2. Answer security questions
3. Select "Continue" on the privacy prompt
4. Logout
5. Go to step 1

I have repeated this 4 times with the login used by fastlane. Just me?

Tried on a different network and this time it took. The network it didn't work on was my AT&T Mobley hotspot. I occasionally encounter weird quirks like this on that network (here's another one), so it's not entirely surprising. Sorry for the noise, but hopefully it helps somebody else as well.

Good to see other CLT devs here @stevemoser

I had to logout and login again to see the notice but acknowledged it and everything works again. Way not to do GDPR, Apple :-/

I continue to get an error: "Need to acknowledge to Apple's Apple ID and Privacy statement. Please manually log into https://appleid.apple.com (or https://itunesconnect.apple.com) to acknowledge the statement".

I have logged into both (and developer.apple.com) multiple times from different networks. No statement is presented to acknowledge, yet fastlane produces the error above.

I had to switch browsers from Chrome to Safari. Logout and log back in to ITC.

I tried that, different browser on a different computer. Still no joy.

@garyhooper are you logging in with the same Apple ID specified in fastlane/Appfile? A few users with your issue have been logging in with a personal account while fastlane is configured to use a machine account.

Yes, I have verified that they are the same.

Sill not working. I am running under Jenkins...is anyone else? More detail under #12675.

Login to https://appstoreconnect.apple.com/ instead of https://itunesconnect.apple.com to accept the privacy statement.

fastlane is still failing.

When logging in to https://appstoreconnect.apple.com/, no privacy statement acceptance was presented; it went straight to the dashboard.

I just solved this by checking all three of:

1. appleid.apple.com
   • I had to log into a device with the Apple ID in question before I could log into Apple ID in the browser, heads up
2. developer.apple.com
3. appstoreconnect.apple.com

I have logged into each of https://appleid.apple.com, https://developer.apple.com, https://itunesconnect.apple.com, and https://appstoreconnect.apple.com from multiple browsers (including Safari) and from multiple (mac) computers. No privacy acceptance is required (completed several days ago), yet fastlane certs still fails.

@mrh-is, can you clarify what you mean by "I had to log into a device with the Apple ID in question before I could log into Apple ID in the browser, heads up"?

@garyhooper I wan't able to log into appleid.apple.com until I had already logged into an iOS device with that Apple ID.

on an iOS device, i have logged into both itunesconnect app and website, plus app store. for all i logged out and back in again. still fails.

I think @mrh-is meant sign in via Settings - iCloud on iOS or something. But I doubt that will fix anything.

At this point the only two things I can think of are:

1. logging the exact HTTP response headers & body in case there’s some info there. You could try running the Ruby commands via IRB, or making a curl request

2. Logging into https://iforgot.apple.com/ and going through the account unlock flow mentioned in https://support.apple.com/en-us/HT204106. However if your account were locked I’d expect bigger problems

RESOLVED. All members associated with the team must accept that privacy statement, regardless of which user's account is used to get the certificates.

So glad. No more notifications for this issue! Hahaha.

@garyhooper I’m pretty sure that’s not it since there are definitely people on my team who haven’t accepted it, but glad to hear you got it working. Maybe you have something overriding the account specified in the Appfile?

I don’t see anything overriding the Appfile. I have 4 emails associated with the team. 2 had accepted, including the appfile id. Accepting the other two resulted in success.