xcrun stapler could not validate ticket, error 65

June 4, 2026

When publishing a macOS app, you need to go through code signing and “notarization” of the app and DMG file to avoid “unverified developer” warnings.

This is well integrated in Xcode, and frameworks like Electron and Tauri also have direct support for this (see How to sign and notarize an Electron app and Tauri macOS code signing).

But the app I’m building, TZBar, is native (no Electron or Tauri), but small enough that I didn’t want to bother with Xcode at all. Just plain swift build. This also meant doing the code signing and notarizaiton from the CLI, which luckily is well documented in this Stack Overflow answer.

That’s how I learnt about the stapling process. While notarization means uploading your app for Apple to scan and approve it, that “verification ticket” can be “stapled” onto the app file itself so that the verification can be done offline on users devices.

This is optional since when connected to the internet, the system will just check the app’s signature for notarization status online, and users who just downloaded your app are typically connected to the internet. 😂

Anyway, it’s done with this command:

xcrun stapler staple App.dmg

Error 65

However the above command failed with:

$ xcrun stapler staple App.dmg
Processing: ~/App.dmg
Could not validate ticket for ~/App.dmg
The staple and validate action failed! Error 65.

Sounds like this error happens for many unrelated reasons with no way to know exactly what’s wrong…

In my case, the Apple root certificates were set to “always trust” instead of “system defaults” (probably from attempts to troubleshoot signing issues of past apps I worked on).

This is apparently a problem, and the stapler will fail if the certificates not set to “system defaults”.

So go in Keychain Access > System Roots, and for Apple Root, G2, G3 and WWDR, make sure to select System Defaults if it’s not the case already.

If this doesn’t solve it for you, this GitHub answer describes a few more steps that you can use to troubleshoot “health” of the signing setup.

$ xcrun stapler staple App.dmg
The staple and validate action worked!

Better!

Want to leave a comment?

Start a conversation on X or send me an email! 💌
This post helped you? Buy me a coffee! 🍻