You will occasionally need to re-sign an app that was already signed. Some common scenarios include:
The process for re-signing an app is technically the same as signing an app the first time (you can use the Portal or the signing package). All the same prerequisites and tasks still apply. For instructions, see Sign an App (Admin Portal) and Sign an App (Signing Package).
However, there are some additional best practices to consider.
When you re-sign an app that was already installed on any of your users' devices, it is important that you sign it with the same signing credentials used to previously sign it.
iOS and Android do not allow a user to install an update of an app if the update is signed with credentials that differ from the currently installed version.
For iOS, when you renew a distribution provisioning profile it is still technically the same profile with an updated certificate and expiration date.
After you re-sign an app you'll want to inform your users that they need to download a new version of the app.