This didnt happen before, as I was able to use the same encrypted private key and upload certificate for multiple apps without an expiration error message. Now I have to download a public key and recreate the private key path every time now. Is there a way to increase the expiration date on the public key?
We recently encountered the same issue. We have quite a few white-labeled apps all sharing the same signing key, and as we have been updating them we have been migrating them to google play managed signing using the same encrypted private key file generated from the pepk tool when google first introduced this requirement. That file has been working fine until recently, and now we are being forced to generate a new encrypted private key for each app.
I tried using an "expired" public key which had previously worked to re-encrypt the private key from the keystore, and that also failed with the expiration error. So this tells me that the expiration is not being caused from within the pepk tool. Also the public key you download has no embedded certificate or metadata, so I don't think the expiration is coming anywhere from our end.
I believe google is persisting state somewhere on their side and invalidating it based on time and/or usage, similar to how you'd invalidate a random generated pin number. I thought a good workaround may be to enroll all of the whitelisted apps in google play signing at the same time before it expired, however that yielded the same error.
Conclusion: The signing key from the keystore can be re-used, but the the encrypted private key that is generated from that keystore is one time use only and needs to be re-generated for each app store entry with a fresh pub key. Thankfully this only needs to happen once per app store entry to enable app play signing. You can continue signing all your app bundles with the same keystore file going forward after that.