diff --git a/AltStore.xcodeproj/project.pbxproj b/AltStore.xcodeproj/project.pbxproj
index b6897373..b964c44b 100644
--- a/AltStore.xcodeproj/project.pbxproj
+++ b/AltStore.xcodeproj/project.pbxproj
@@ -115,6 +115,7 @@
 		BF54E8212315EF0D000AE0D8 /* ALTPatreonBenefitType.m in Sources */ = {isa = PBXBuildFile; fileRef = BF54E8202315EF0D000AE0D8 /* ALTPatreonBenefitType.m */; };
 		BF5AB3A82285FE7500DC914B /* AltSign.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = BF5AB3A72285FE6C00DC914B /* AltSign.framework */; };
 		BF5AB3A92285FE7500DC914B /* AltSign.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = BF5AB3A72285FE6C00DC914B /* AltSign.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; };
+		BF6F439223644C6E00A0B879 /* RefreshAltStoreViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = BF6F439123644C6E00A0B879 /* RefreshAltStoreViewController.swift */; };
 		BF74989B23621C0700CED65F /* ForwardingNavigationController.swift in Sources */ = {isa = PBXBuildFile; fileRef = BF74989A23621C0700CED65F /* ForwardingNavigationController.swift */; };
 		BF770E5122BB1CF6002A40FE /* InstallAppOperation.swift in Sources */ = {isa = PBXBuildFile; fileRef = BF770E5022BB1CF6002A40FE /* InstallAppOperation.swift */; };
 		BF770E5422BC044E002A40FE /* AppOperationContext.swift in Sources */ = {isa = PBXBuildFile; fileRef = BF770E5322BC044E002A40FE /* AppOperationContext.swift */; };
@@ -396,6 +397,7 @@
 		BF54E81F2315EF0D000AE0D8 /* ALTPatreonBenefitType.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ALTPatreonBenefitType.h; sourceTree = "<group>"; };
 		BF54E8202315EF0D000AE0D8 /* ALTPatreonBenefitType.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = ALTPatreonBenefitType.m; sourceTree = "<group>"; };
 		BF5AB3A72285FE6C00DC914B /* AltSign.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; path = AltSign.framework; sourceTree = BUILT_PRODUCTS_DIR; };
+		BF6F439123644C6E00A0B879 /* RefreshAltStoreViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = RefreshAltStoreViewController.swift; sourceTree = "<group>"; };
 		BF74989A23621C0700CED65F /* ForwardingNavigationController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ForwardingNavigationController.swift; sourceTree = "<group>"; };
 		BF770E5022BB1CF6002A40FE /* InstallAppOperation.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = InstallAppOperation.swift; sourceTree = "<group>"; };
 		BF770E5322BC044E002A40FE /* AppOperationContext.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppOperationContext.swift; sourceTree = "<group>"; };
@@ -1068,6 +1070,7 @@
 				BFE6325922A83BEB00F30809 /* Authentication.storyboard */,
 				BFF0B6932321CB85007A79E1 /* AuthenticationViewController.swift */,
 				BFF0B6972322CAB8007A79E1 /* InstructionsViewController.swift */,
+				BF6F439123644C6E00A0B879 /* RefreshAltStoreViewController.swift */,
 			);
 			path = Authentication;
 			sourceTree = "<group>";
@@ -1487,6 +1490,7 @@
 				BF3D64B022E8D4B800E9056B /* AppContentViewControllerCells.swift in Sources */,
 				BFBBE2DD22931B20002097FA /* AltStore.xcdatamodeld in Sources */,
 				BF02419422F2156E00129732 /* RefreshAttempt.swift in Sources */,
+				BF6F439223644C6E00A0B879 /* RefreshAltStoreViewController.swift in Sources */,
 				BFE60742231B07E6002B0E8E /* SettingsHeaderFooterView.swift in Sources */,
 				BFE338E822F10E56002E24B9 /* LaunchViewController.swift in Sources */,
 				BFB1169B2293274D00BB457C /* JSONDecoder+ManagedObjectContext.swift in Sources */,
diff --git a/AltStore/Authentication/Authentication.storyboard b/AltStore/Authentication/Authentication.storyboard
index 2ada4c02..cbaa43f0 100644
--- a/AltStore/Authentication/Authentication.storyboard
+++ b/AltStore/Authentication/Authentication.storyboard
@@ -2,7 +2,6 @@
 <document type="com.apple.InterfaceBuilder3.CocoaTouch.Storyboard.XIB" version="3.0" toolsVersion="15400" targetRuntime="iOS.CocoaTouch" propertyAccessControl="none" useAutolayout="YES" useTraitCollections="YES" useSafeAreas="YES" colorMatched="YES">
     <device id="retina4_7" orientation="portrait" appearance="light"/>
     <dependencies>
-        <deployment identifier="iOS"/>
         <plugIn identifier="com.apple.InterfaceBuilder.IBCocoaTouchPlugin" version="15404"/>
         <capability name="Named colors" minToolsVersion="9.0"/>
         <capability name="Safe area layout guides" minToolsVersion="9.0"/>
@@ -443,13 +442,77 @@
             </objects>
             <point key="canvasLocation" x="1353" y="736"/>
         </scene>
+        <!--Refresh AltStore-->
+        <scene sceneID="9Vh-dM-OqX">
+            <objects>
+                <viewController storyboardIdentifier="refreshAltStoreViewController" id="aoK-yE-UVT" customClass="RefreshAltStoreViewController" customModule="AltStore" customModuleProvider="target" sceneMemberID="viewController">
+                    <view key="view" contentMode="scaleToFill" preservesSuperviewLayoutMargins="YES" id="R83-kV-365">
+                        <rect key="frame" x="0.0" y="0.0" width="375" height="667"/>
+                        <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                        <subviews>
+                            <view contentMode="scaleToFill" translatesAutoresizingMaskIntoConstraints="NO" id="fpO-Bf-gFY" customClass="RSTPlaceholderView">
+                                <rect key="frame" x="0.0" y="0.0" width="375" height="667"/>
+                            </view>
+                            <stackView opaque="NO" contentMode="scaleToFill" axis="vertical" spacing="8" translatesAutoresizingMaskIntoConstraints="NO" id="tDQ-ao-1Jg">
+                                <rect key="frame" x="16" y="570" width="343" height="89"/>
+                                <subviews>
+                                    <button opaque="NO" contentMode="scaleToFill" contentHorizontalAlignment="center" contentVerticalAlignment="center" buttonType="roundedRect" lineBreakMode="middleTruncation" translatesAutoresizingMaskIntoConstraints="NO" id="xcg-hT-tDe" customClass="PillButton" customModule="AltStore" customModuleProvider="target">
+                                        <rect key="frame" x="0.0" y="0.0" width="343" height="51"/>
+                                        <color key="backgroundColor" name="SettingsHighlighted"/>
+                                        <constraints>
+                                            <constraint firstAttribute="height" constant="51" id="SJA-N9-Z6u"/>
+                                        </constraints>
+                                        <fontDescription key="fontDescription" type="system" weight="semibold" pointSize="19"/>
+                                        <color key="tintColor" name="SettingsHighlighted"/>
+                                        <state key="normal" title="Refresh Now">
+                                            <color key="titleColor" white="1" alpha="1" colorSpace="custom" customColorSpace="genericGamma22GrayColorSpace"/>
+                                        </state>
+                                        <connections>
+                                            <action selector="refreshAltStore:" destination="aoK-yE-UVT" eventType="primaryActionTriggered" id="WQu-9b-Zgg"/>
+                                        </connections>
+                                    </button>
+                                    <button opaque="NO" contentMode="scaleToFill" contentHorizontalAlignment="center" contentVerticalAlignment="center" buttonType="roundedRect" lineBreakMode="middleTruncation" translatesAutoresizingMaskIntoConstraints="NO" id="qua-VA-asJ">
+                                        <rect key="frame" x="0.0" y="59" width="343" height="30"/>
+                                        <fontDescription key="fontDescription" type="boldSystem" pointSize="15"/>
+                                        <state key="normal" title="Refresh Later">
+                                            <color key="titleColor" white="1" alpha="1" colorSpace="custom" customColorSpace="genericGamma22GrayColorSpace"/>
+                                        </state>
+                                        <connections>
+                                            <action selector="cancel:" destination="aoK-yE-UVT" eventType="primaryActionTriggered" id="ffO-0a-LdE"/>
+                                        </connections>
+                                    </button>
+                                </subviews>
+                            </stackView>
+                        </subviews>
+                        <color key="backgroundColor" name="SettingsBackground"/>
+                        <constraints>
+                            <constraint firstItem="fpO-Bf-gFY" firstAttribute="leading" secondItem="iwE-xE-ziz" secondAttribute="leading" id="A77-nX-Wg2"/>
+                            <constraint firstAttribute="trailingMargin" secondItem="tDQ-ao-1Jg" secondAttribute="trailing" id="KPg-sO-Rnc"/>
+                            <constraint firstItem="fpO-Bf-gFY" firstAttribute="trailing" secondItem="iwE-xE-ziz" secondAttribute="trailing" id="SGI-1D-Eaw"/>
+                            <constraint firstItem="fpO-Bf-gFY" firstAttribute="bottom" secondItem="R83-kV-365" secondAttribute="bottom" id="cHl-7X-dW1"/>
+                            <constraint firstAttribute="bottomMargin" secondItem="tDQ-ao-1Jg" secondAttribute="bottom" id="kLN-e7-BJE"/>
+                            <constraint firstItem="fpO-Bf-gFY" firstAttribute="top" secondItem="R83-kV-365" secondAttribute="top" id="oKo-10-7kD"/>
+                            <constraint firstItem="tDQ-ao-1Jg" firstAttribute="leading" secondItem="R83-kV-365" secondAttribute="leadingMargin" id="zEt-Xr-kJx"/>
+                        </constraints>
+                        <viewLayoutGuide key="safeArea" id="iwE-xE-ziz"/>
+                    </view>
+                    <navigationItem key="navigationItem" title="Refresh AltStore" largeTitleDisplayMode="always" id="5nk-NR-jtV"/>
+                    <simulatedNavigationBarMetrics key="simulatedTopBarMetrics" prompted="NO"/>
+                    <connections>
+                        <outlet property="placeholderView" destination="fpO-Bf-gFY" id="q7d-au-d94"/>
+                    </connections>
+                </viewController>
+                <placeholder placeholderIdentifier="IBFirstResponder" id="Chr-7g-qEw" userLabel="First Responder" customClass="UIResponder" sceneMemberID="firstResponder"/>
+            </objects>
+            <point key="canvasLocation" x="2101.5999999999999" y="733.5832083958021"/>
+        </scene>
     </scenes>
     <resources>
         <namedColor name="SettingsBackground">
             <color red="0.0039215686274509803" green="0.50196078431372548" blue="0.51764705882352946" alpha="1" colorSpace="custom" customColorSpace="sRGB"/>
         </namedColor>
         <namedColor name="SettingsHighlighted">
-            <color red="0.0078431372549019607" green="0.32156862745098042" blue="0.40392156862745099" alpha="1" colorSpace="custom" customColorSpace="sRGB"/>
+            <color red="0.0080000003799796104" green="0.32199999690055847" blue="0.40400001406669617" alpha="1" colorSpace="custom" customColorSpace="sRGB"/>
         </namedColor>
     </resources>
     <color key="tintColor" name="Primary"/>
diff --git a/AltStore/Authentication/RefreshAltStoreViewController.swift b/AltStore/Authentication/RefreshAltStoreViewController.swift
new file mode 100644
index 00000000..708a9d9d
--- /dev/null
+++ b/AltStore/Authentication/RefreshAltStoreViewController.swift
@@ -0,0 +1,87 @@
+//
+//  RefreshAltStoreViewController.swift
+//  AltStore
+//
+//  Created by Riley Testut on 10/26/19.
+//  Copyright © 2019 Riley Testut. All rights reserved.
+//
+
+import UIKit
+import AltSign
+
+import Roxas
+
+class RefreshAltStoreViewController: UIViewController
+{
+    var signer: ALTSigner!
+    
+    var completionHandler: ((Result<Void, Error>) -> Void)?
+    
+    @IBOutlet private var placeholderView: RSTPlaceholderView!
+    
+    override func viewDidLoad()
+    {
+        super.viewDidLoad()
+        
+        self.placeholderView.textLabel.isHidden = true
+        
+        self.placeholderView.detailTextLabel.textAlignment = .left
+        self.placeholderView.detailTextLabel.textColor = UIColor.white.withAlphaComponent(0.6)
+        self.placeholderView.detailTextLabel.text = NSLocalizedString("AltStore was unable to use an existing signing certificate, so it had to create a new one. This will cause any apps installed with an existing certificate to expire — including AltStore.\n\nTo prevent AltStore from expiring early, please refresh the app now. AltStore will quit once refreshing is complete.", comment: "")
+    }
+}
+
+private extension RefreshAltStoreViewController
+{
+    @IBAction func refreshAltStore(_ sender: PillButton)
+    {
+        guard let altStore = InstalledApp.fetchAltStore(in: DatabaseManager.shared.viewContext) else { return }
+                
+        func refresh()
+        {
+            sender.isIndicatingActivity = true
+            
+            if let progress = AppManager.shared.refreshProgress(for: altStore) ?? AppManager.shared.installationProgress(for: altStore)
+            {
+                // Cancel pending AltStore refresh so we can start a new one.
+                progress.cancel()
+            }
+            
+            let group = OperationGroup()
+            group.signer = self.signer // Prevent us from trying to authenticate a second time.
+            group.completionHandler = { (result) in
+                if let error = result.error ?? result.value?.values.compactMap({ $0.error }).first
+                {
+                    DispatchQueue.main.async {
+                        sender.progress = nil
+                        sender.isIndicatingActivity = false
+                        
+                        let alertController = UIAlertController(title: NSLocalizedString("Failed to Refresh AltStore", comment: ""), message: error.localizedDescription, preferredStyle: .alert)
+                        alertController.addAction(UIAlertAction(title: NSLocalizedString("Try Again", comment: ""), style: .default, handler: { (action) in
+                            refresh()
+                        }))
+                        alertController.addAction(UIAlertAction(title: NSLocalizedString("Refresh Later", comment: ""), style: .cancel, handler: { (action) in
+                            self.completionHandler?(.failure(error))
+                        }))
+                        
+                        self.present(alertController, animated: true, completion: nil)
+                    }
+                }
+                else
+                {
+                    self.completionHandler?(.success(()))
+                }
+            }
+            
+            _ = AppManager.shared.refresh([altStore], presentingViewController: self, group: group)
+            sender.progress = group.progress
+        }
+        
+        refresh()
+    }
+    
+    @IBAction func cancel(_ sender: UIButton)
+    {
+        self.completionHandler?(.failure(OperationError.cancelled))
+    }
+}
diff --git a/AltStore/Components/Keychain.swift b/AltStore/Components/Keychain.swift
index df82eb60..da44ae2d 100644
--- a/AltStore/Components/Keychain.swift
+++ b/AltStore/Components/Keychain.swift
@@ -11,11 +11,65 @@ import KeychainAccess
 
 import AltSign
 
+@propertyWrapper
+struct KeychainItem<Value>
+{
+    let key: String
+    
+    var wrappedValue: Value? {
+        get {
+            switch Value.self
+            {
+            case is Data.Type: return try? Keychain.shared.keychain.getData(self.key) as? Value
+            case is String.Type: return try? Keychain.shared.keychain.getString(self.key) as? Value
+            default: return nil
+            }
+        }
+        set {
+            switch Value.self
+            {
+            case is Data.Type: Keychain.shared.keychain[data: self.key] = newValue as? Data
+            case is String.Type: Keychain.shared.keychain[self.key] = newValue as? String
+            default: break
+            }
+        }
+    }
+    
+    init(key: String)
+    {
+        self.key = key
+    }
+}
+
 class Keychain
 {
     static let shared = Keychain()
     
-    private let keychain = KeychainAccess.Keychain(service: "com.rileytestut.AltStore").accessibility(.afterFirstUnlock).synchronizable(true)
+    fileprivate let keychain = KeychainAccess.Keychain(service: "com.rileytestut.AltStore").accessibility(.afterFirstUnlock).synchronizable(true)
+    
+    @KeychainItem(key: "appleIDEmailAddress")
+    var appleIDEmailAddress: String?
+    
+    @KeychainItem(key: "appleIDPassword")
+    var appleIDPassword: String?
+    
+    @KeychainItem(key: "signingCertificatePrivateKey")
+    var signingCertificatePrivateKey: Data?
+    
+    @KeychainItem(key: "signingCertificateSerialNumber")
+    var signingCertificateSerialNumber: String?
+    
+    @KeychainItem(key: "signingCertificate")
+    var signingCertificate: Data?
+    
+    @KeychainItem(key: "signingCertificatePassword")
+    var signingCertificatePassword: String?
+    
+    @KeychainItem(key: "patreonAccessToken")
+    var patreonAccessToken: String?
+    
+    @KeychainItem(key: "patreonRefreshToken")
+    var patreonRefreshToken: String?
     
     private init()
     {
@@ -29,66 +83,3 @@ class Keychain
         self.signingCertificateSerialNumber = nil
     }
 }
-
-extension Keychain
-{
-    var appleIDEmailAddress: String? {
-        get {
-            let emailAddress = try? self.keychain.get("appleIDEmailAddress")
-            return emailAddress
-        }
-        set {
-           self.keychain["appleIDEmailAddress"] = newValue
-        }
-    }
-    
-    var appleIDPassword: String? {
-        get {
-            let password = try? self.keychain.get("appleIDPassword")
-            return password
-        }
-        set {
-            self.keychain["appleIDPassword"] = newValue
-        }
-    }
-    
-    var signingCertificatePrivateKey: Data? {
-        get {
-            let privateKey = try? self.keychain.getData("signingCertificatePrivateKey")
-            return privateKey
-        }
-        set {
-            self.keychain[data: "signingCertificatePrivateKey"] = newValue
-        }
-    }
-    
-    var signingCertificateSerialNumber: String? {
-        get {
-            let serialNumber = try? self.keychain.get("signingCertificateSerialNumber")
-            return serialNumber
-        }
-        set {
-            self.keychain["signingCertificateSerialNumber"] = newValue
-        }
-    }
-    
-    var patreonAccessToken: String? {
-        get {
-            let accessToken = try? self.keychain.get("patreonAccessToken")
-            return accessToken
-        }
-        set {
-            self.keychain["patreonAccessToken"] = newValue
-        }
-    }
-    
-    var patreonRefreshToken: String? {
-        get {
-            let refreshToken = try? self.keychain.get("patreonRefreshToken")
-            return refreshToken
-        }
-        set {
-            self.keychain["patreonRefreshToken"] = newValue
-        }
-    }
-}
diff --git a/AltStore/Managing Apps/AppManager.swift b/AltStore/Managing Apps/AppManager.swift
index 993ff6d8..a87519c8 100644
--- a/AltStore/Managing Apps/AppManager.swift	
+++ b/AltStore/Managing Apps/AppManager.swift	
@@ -149,7 +149,7 @@ extension AppManager
     
     func refresh(_ installedApps: [InstalledApp], presentingViewController: UIViewController?, group: OperationGroup? = nil) -> OperationGroup
     {
-        let apps = installedApps.filter { self.refreshProgress(for: $0) == nil }
+        let apps = installedApps.filter { self.refreshProgress(for: $0) == nil || self.refreshProgress(for: $0)?.isCancelled == true }
 
         let group = self.install(apps, forceDownload: false, presentingViewController: presentingViewController, group: group)
         
@@ -183,18 +183,6 @@ private extension AppManager
         let group = group ?? OperationGroup()
         var operations = [Operation]()
         
-        
-        /* Authenticate */
-        let authenticationOperation = AuthenticationOperation(presentingViewController: presentingViewController)
-        authenticationOperation.resultHandler = { (result) in
-            switch result
-            {
-            case .failure(let error): group.error = error
-            case .success(let signer): group.signer = signer
-            }
-        }
-        operations.append(authenticationOperation)
-        
         /* Find Server */
         let findServerOperation = FindServerOperation(group: group)
         findServerOperation.resultHandler = { (result) in
@@ -204,9 +192,23 @@ private extension AppManager
             case .success(let server): group.server = server
             }
         }
-        findServerOperation.addDependency(authenticationOperation)
         operations.append(findServerOperation)
         
+        if group.signer == nil
+        {
+            /* Authenticate */
+            let authenticationOperation = AuthenticationOperation(presentingViewController: presentingViewController)
+            authenticationOperation.resultHandler = { (result) in
+                switch result
+                {
+                case .failure(let error): group.error = error
+                case .success(let signer): group.signer = signer
+                }
+            }
+            operations.append(authenticationOperation)
+            
+            findServerOperation.addDependency(authenticationOperation)
+        }        
         
         for app in apps
         {
@@ -344,7 +346,11 @@ private extension AppManager
             guard !context.isFinished else { return }
             context.isFinished = true
             
-            self.refreshProgress[context.bundleIdentifier] = nil
+            if let progress = self.refreshProgress[context.bundleIdentifier], progress == context.group.progress(forAppWithBundleIdentifier: context.bundleIdentifier)
+            {
+                // Only remove progress if it hasn't been replaced by another one.
+                self.refreshProgress[context.bundleIdentifier] = nil
+            }
             
             if let error = context.error
             {
diff --git a/AltStore/Operations/AuthenticationOperation.swift b/AltStore/Operations/AuthenticationOperation.swift
index db8271dc..932826ad 100644
--- a/AltStore/Operations/AuthenticationOperation.swift
+++ b/AltStore/Operations/AuthenticationOperation.swift
@@ -36,7 +36,10 @@ class AuthenticationOperation: ResultOperation<ALTSigner>
     
     private lazy var navigationController: UINavigationController = {
         let navigationController = self.storyboard.instantiateViewController(withIdentifier: "navigationController") as! UINavigationController
-        navigationController.presentationController?.delegate = self
+        if #available(iOS 13.0, *)
+        {
+            navigationController.isModalInPresentation = true
+        }
         return navigationController
     }()
     
@@ -150,18 +153,25 @@ class AuthenticationOperation: ResultOperation<ALTSigner>
                 Keychain.shared.appleIDEmailAddress = altAccount.appleID // "account" may have nil appleID since we just saved.
                 Keychain.shared.appleIDPassword = self.appleIDPassword
                 
-                Keychain.shared.signingCertificateSerialNumber = signer.certificate.serialNumber
-                Keychain.shared.signingCertificatePrivateKey = signer.certificate.privateKey
+                Keychain.shared.signingCertificate = signer.certificate.p12Data()
+                Keychain.shared.signingCertificatePassword = signer.certificate.machineIdentifier
                 
-                super.finish(.success(signer))
+                // Refresh screen must go last since a successful refresh will cause the app to quit.
+                self.showRefreshScreenIfNecessary() { (didShowRefreshAlert) in
+                    super.finish(.success(signer))
+                    
+                    DispatchQueue.main.async {
+                        self.navigationController.dismiss(animated: true, completion: nil)
+                    }
+                }
             }
             catch
             {
                 super.finish(.failure(error))
-            }
-            
-            DispatchQueue.main.async {
-                self.navigationController.dismiss(animated: true, completion: nil)
+                
+                DispatchQueue.main.async {
+                    self.navigationController.dismiss(animated: true, completion: nil)
+                }
             }
         }
     }
@@ -352,19 +362,45 @@ private extension AuthenticationOperation
                 let certificates = try Result(certificates, error).get()
                 
                 if
+                    let data = Keychain.shared.signingCertificate,
+                    let localCertificate = ALTCertificate(p12Data: data, password: nil),
+                    let certificate = certificates.first(where: { $0.serialNumber == localCertificate.serialNumber })
+                {
+                    // We have a certificate stored in the keychain and it hasn't been revoked.
+                    localCertificate.machineIdentifier = certificate.machineIdentifier
+                    completionHandler(.success(localCertificate))
+                }
+                else if
                     let serialNumber = Keychain.shared.signingCertificateSerialNumber,
                     let privateKey = Keychain.shared.signingCertificatePrivateKey,
                     let certificate = certificates.first(where: { $0.serialNumber == serialNumber })
                 {
+                    // LEGACY
+                    // We have the private key for one of the certificates, so add it to certificate and use it.
                     certificate.privateKey = privateKey
                     completionHandler(.success(certificate))
                 }
+                else if
+                    let serialNumber = Bundle.main.object(forInfoDictionaryKey: Bundle.Info.certificateID) as? String,
+                    let certificate = certificates.first(where: { $0.serialNumber == serialNumber }),
+                    let machineIdentifier = certificate.machineIdentifier,
+                    FileManager.default.fileExists(atPath: Bundle.main.certificateURL.path),
+                    let data = try? Data(contentsOf: Bundle.main.certificateURL),
+                    let localCertificate = ALTCertificate(p12Data: data, password: machineIdentifier)
+                {
+                    // We have an embedded certificate that hasn't been revoked.
+                    localCertificate.machineIdentifier = machineIdentifier
+                    completionHandler(.success(localCertificate))
+                }
                 else if certificates.isEmpty
                 {
+                    // No certificates, so request a new one.
                     requestCertificate()
                 }
                 else
                 {
+                    // We don't have private keys for any of the certificates,
+                    // so we need to revoke one and create a new one.
                     replaceCertificate(from: certificates)
                 }
             }
@@ -392,19 +428,26 @@ private extension AuthenticationOperation
             }
         }
     }
-}
-
-extension AuthenticationOperation: UIAdaptivePresentationControllerDelegate
-{
-    func presentationControllerDidDismiss(_ presentationController: UIPresentationController)
+    
+    func showRefreshScreenIfNecessary(completionHandler: @escaping (Bool) -> Void)
     {
-        if let signer = self.signer
-        {
-            self.finish(.success(signer))
-        }
-        else
-        {
-            self.finish(.failure(OperationError.cancelled))
+        guard let signer = self.signer else { return completionHandler(false) }
+        guard let application = ALTApplication(fileURL: Bundle.main.bundleURL), let provisioningProfile = application.provisioningProfile else { return completionHandler(false) }
+        
+        // If we're not using the same certificate used to install AltStore, warn user that they need to refresh.
+        guard !provisioningProfile.certificates.contains(signer.certificate) else { return completionHandler(false) }
+        
+        DispatchQueue.main.async {
+            let refreshViewController = self.storyboard.instantiateViewController(withIdentifier: "refreshAltStoreViewController") as! RefreshAltStoreViewController
+            refreshViewController.signer = signer
+            refreshViewController.completionHandler = { _ in
+                completionHandler(true)
+            }
+            
+            if !self.present(refreshViewController)
+            {
+                completionHandler(false)
+            }
         }
     }
 }
diff --git a/AltStore/Operations/OperationGroup.swift b/AltStore/Operations/OperationGroup.swift
index 83b765f3..a6891823 100644
--- a/AltStore/Operations/OperationGroup.swift
+++ b/AltStore/Operations/OperationGroup.swift
@@ -73,7 +73,12 @@ class OperationGroup
     
     func progress(for app: AppProtocol) -> Progress?
     {
-        let progress = self.progressByBundleIdentifier[app.bundleIdentifier]
+        return self.progress(forAppWithBundleIdentifier: app.bundleIdentifier)
+    }
+    
+    func progress(forAppWithBundleIdentifier bundleIdentifier: String) -> Progress?
+    {
+        let progress = self.progressByBundleIdentifier[bundleIdentifier]
         return progress
     }
 }
diff --git a/AltStore/Operations/ResignAppOperation.swift b/AltStore/Operations/ResignAppOperation.swift
index ec776819..77ecc50e 100644
--- a/AltStore/Operations/ResignAppOperation.swift
+++ b/AltStore/Operations/ResignAppOperation.swift
@@ -400,6 +400,21 @@ private extension ResignAppOperation
                     guard let udid = Bundle.main.object(forInfoDictionaryKey: Bundle.Info.deviceID) as? String else { throw OperationError.unknownUDID }
                     additionalValues[Bundle.Info.deviceID] = udid
                     additionalValues[Bundle.Info.serverID] = UserDefaults.standard.preferredServerID
+                    
+                    if
+                        let data = Keychain.shared.signingCertificate,
+                        let signingCertificate = ALTCertificate(p12Data: data, password: nil),
+                        let encryptingPassword = Keychain.shared.signingCertificatePassword
+                    {
+                        additionalValues[Bundle.Info.certificateID] = signingCertificate.serialNumber
+                        
+                        let encryptedData = signingCertificate.encryptedP12Data(withPassword: encryptingPassword)
+                        try encryptedData?.write(to: appBundle.certificateURL, options: .atomic)
+                    }
+                    else
+                    {
+                        // The embedded certificate + certificate identifier are already in app bundle, no need to update them.
+                    }
                 }
                 
                 // Prepare app