Why does Godot Android export fail with keystore error?

The export preset references a keystore file that does not exist, or the alias and password do not match. Open Project > Export > Android preset and verify Debug Keystore path is set, alias matches the keystore, and password is correct. Generate a fresh keystore with keytool if needed.

How do I generate a Godot Android keystore?

Run: keytool -genkey -v -keystore mygame.keystore -alias mygame -keyalg RSA -keysize 2048 -validity 10000. Set a password when prompted. Reference the keystore in Godot Editor > Settings > Export > Android > Debug Keystore (for debug builds) or in the export preset for release.

Why does Godot 4 require JDK 17 for Android exports?

Android Gradle Plugin 8 requires JDK 17. Godot 4 ships with that requirement. Install Java 17 (Temurin or OpenJDK), set JAVA_HOME to its install path, and confirm in Editor > Settings > Export > Android > Java SDK Path.

Fix: Godot Android Export Keystore Verification Failed

Quick answer: Godot Android exports need a valid keystore plus matching alias and password. Generate a debug keystore with keytool, set its path in Editor → Settings → Export → Android, and ensure JDK 17 is the active Java SDK (required by Android Gradle Plugin 8).

Here is how to fix Godot 4 Android exports that fail with keystore verification errors. The export starts, Gradle assembles, and at the signing step you get jarsigner: certificate chain is not validated or keystore was tampered with, or password was incorrect. Three things have to align: the keystore file, the alias and password, and the JDK version Godot uses.

The Symptom

Export to Android fails late in the process. Console output references keystore signing or jarsigner failures. The exported APK either does not appear or is unsigned. Installing the unsigned APK on device fails with parse errors.

What Causes This

Keystore path empty. First-time exporters often skip the Debug Keystore field. Without it, signing has no key to use.

Alias or password wrong. The keystore stores keys under aliases. If the alias in Godot does not match what is in the file, signing fails.

JDK version wrong. Android Gradle Plugin 8+ requires JDK 17. Godot uses whatever Java is configured. Older JDKs (8, 11) produce signing failures or build errors before reaching signing.

Mixed debug/release keystore configuration. Godot has separate fields for debug and release keystores. Misconfiguring one affects the corresponding build type.

The Fix

Step 1: Generate a debug keystore.

# Generate a 27-year keystore for debug usage
keytool -genkey -v \
  -keystore debug.keystore \
  -alias androiddebugkey \
  -keyalg RSA -keysize 2048 -validity 10000 \
  -storepass android -keypass android \
  -dname "CN=Android Debug,O=Android,C=US"

This is the same convention Android Studio uses for debug builds. Place it somewhere outside your project folder for security.

Step 2: Configure the keystore path in Godot. Open Editor → Editor Settings → Export → Android. Set:

Debug Keystore             /path/to/debug.keystore
Debug Keystore User        androiddebugkey
Debug Keystore Pass        android

For release builds, generate a separate keystore with a strong password and configure it per-preset under Project → Export → Android preset → Encryption & Signing.

Step 3: Verify JDK 17 is active.

# Check Java version
java -version
# Should show: 17.0.x or higher

# If wrong, install JDK 17
# macOS:    brew install openjdk@17
# Ubuntu:   sudo apt install openjdk-17-jdk
# Windows:  https://adoptium.net/temurin/releases/?version=17

Set Editor → Settings → Export → Android → Java SDK Path to the JDK 17 install root. Restart Godot.

Step 4: Generate a release keystore for store uploads.

keytool -genkey -v \
  -keystore mygame-release.keystore \
  -alias mygame \
  -keyalg RSA -keysize 2048 -validity 10000

The validity (10000 days = 27 years) is required by Google Play Store. Shorter keys may be rejected.

Step 5: Configure the release preset. In Project → Export, select your Android preset. Under Encryption & Signing:

Release Keystore           /path/to/mygame-release.keystore
Release Keystore User      mygame
Release Keystore Pass      <your strong password>

Now Export Project with Debug unchecked produces a properly signed release APK or AAB.

Storing The Keystore Safely

If you lose your release keystore or password, you cannot ship updates to existing Play Store users. Back up the keystore file and password to a password manager and an offline location. Never check the release keystore into version control.

Common Errors Cheat Sheet

jarsigner: certificate chain not validated
   Cause: keystore tampered or wrong password
   Fix:   regenerate keystore, update Godot config

SDK Build Tools revision (XX.X.X) is too low
   Cause: Android SDK Build-Tools out of date
   Fix:   install latest in Android Studio SDK Manager

Could not find tools.jar
   Cause: JDK 8 instead of JDK 17
   Fix:   install JDK 17, update JAVA_HOME

Understanding the issue

Export pipelines transform development assets into shipping packages. Each transformation can introduce subtle changes that produce bugs only visible in the exported build.

The specific bug described above is the kind that surfaces during integration rather than unit testing. It depends on a combination of factors: the asset configuration, the runtime state, the platform's specific behavior. In isolation, each piece looks correct; in combination, the bug emerges. This is why thorough integration testing - playing the actual game in realistic conditions - catches things that automated tests miss.

Why this happens

This bug class disproportionately affects late-stage development. The work to surface it is interactive testing in realistic conditions, which only really happens after the gameplay is in place and assets are populated. Catching it early requires deliberate testing of conditions that look unimportant.

At the engine level, the behavior comes from a deliberate design decision in Godot. The engine team chose a particular trade-off - usually performance versus convenience, or generality versus specificity - and that trade-off has consequences when you push against it. Understanding the trade-off is what turns 'this bug is mysterious' into 'this bug is the expected consequence of this design'.

Verifying the fix

Verifying this fix in isolation is straightforward: reproduce the bug, apply the change, confirm the bug no longer reproduces. The harder verification is regression - did this fix introduce a new bug elsewhere? Run your standard regression suite, plus any tests that exercise the same code path with different inputs.

Reproducibility is the prerequisite for verification. If you can't reliably reproduce the bug pre-fix, you can't reliably verify it post-fix. Spend time getting a clean reproduction before you write any fix code. The fix is fast once you understand the reproduction; the reproduction is the slow part.

Variations to watch for

There's almost always a less obvious case where the same problem applies. The reported case is the one a player hit; the related cases hide because they're rarer or affect fewer players. After fixing the reported case, search the codebase for the pattern - one fix often unlocks several.

Adjacent bugs often share a root cause. After fixing the case you've found, spend an hour searching the codebase for similar patterns. What's the same call with different arguments? The same data flow with a different entity type? The same lifecycle issue in a sibling system? Each match is a candidate for the same fix, or a related fix that prevents future bugs of the same class.

In production

For shipping titles with a long support window, watch for this issue resurfacing after dependency updates. Engine upgrades, driver updates, OS releases - each one can resurface a bug class you thought you'd fixed because the underlying behavior changed slightly. Regression tests catch the obvious ones; player reports catch the rest.

When triaging a similar issue in production, prioritize gathering data over hypothesizing causes. A player report describes a symptom; what you need is a build SHA, a session timestamp, and ideally a screen recording or session replay. With those, the bug becomes tractable. Without them, you're guessing at hypothetical reproductions that may not match what the player actually hit.

Performance considerations

If this issue manifests under high load (many actors, many particles, many network connections), profile the post-fix code path with realistic counts. The original cost was a bug; the new cost is real work, and real work has a budget.

Diagnostic approach

Before applying any fix, gather enough context to be confident you're addressing the actual cause and not a similar-looking symptom. The cheapest diagnostic step is reproducing the bug deterministically - if you can't get the same failure twice in a row, your fix attempts will be hard to evaluate. Lock down the reproduction first.

For Godot-specific diagnostics, the editor's profiler is the canonical starting point. Capture a representative frame with the symptom present; compare against a frame without the symptom; the diff often points directly at the cause. If the symptom is non-deterministic, capture multiple frames and look for the pattern - the cause is usually a state transition or a specific input value rather than a continuous effect.

Tooling and ecosystem

The tooling around this bug class matters as much as the fix itself. Good logging, accessible profilers, and clear error messages turn 30-minute investigations into 5-minute ones. If your project doesn't have visibility into this code path, the first fix should add the visibility - the second fix uses it.

Within Godot, the relevant diagnostic surfaces include the standard frame debugger, memory profiler, and engine-specific debug overlays. Each one shows a different facet of what's happening. The frame debugger reveals draw call ordering and state transitions; the memory profiler shows allocation patterns; the debug overlay reveals per-system state. Bugs that resist one tool usually surrender to another - the trick is knowing which tool to reach for first.

Edge cases and pitfalls

Platform-specific edge cases are worth enumerating explicitly. iOS handles backgrounding differently than Android; Windows handles focus changes differently than macOS. A fix that works on the development platform may not work on every target. Test on each shipping platform deliberately.

When writing a regression test for this fix, focus on the boundary conditions that surfaced the original bug. Tests that exercise the happy path catch obvious regressions; tests that exercise the boundary catch the subtler regressions that look like new bugs but are really the original returning. The latter are the tests that earn their keep over the long life of the project.

Team communication

Document the fix and its rationale in the commit message or attached engineering doc. Future engineers will encounter related issues; the rationale tells them whether your fix is reusable or specific to the case at hand. Without rationale, the fix gets reverted or copied incorrectly.

If this fix touches a system several engineers work in, a short writeup in the team's engineering channel helps. Not a full design doc - a paragraph explaining what was wrong, what's fixed, and what to watch for. Future engineers encountering similar symptoms will search for the fix; making it findable is a small investment that pays back later.

“Keystore + alias + password + JDK 17. All four must agree, every export.”

Related Issues

For other Godot export issues, see Export Template Missing Android and Export Template Version Mismatch.

Generate. Configure. Verify Java 17. Sign. Ship.