I'm finding lots of horror stories about successfully signed/notarized apps that fail (in this exact same manner) when downloading a zipped version of said "successfully" notarized apps.
But I'm also seeing stuff that indicates that distributing signed/notarized apps by zipping them up and uploading them somewhere should be possible. You might get an "unknown sources" warning, but then it should say that no malware was detected and ask if you still want to install it.
The stapled notarization might not be the notarization that's used. I'm seeing that as long as there's a network connection, the notarization may come from Apple servers. Is it possible there could be a delay between a successful notarization and that notarization being available on Apple servers. A quick test might be to disconnect your machine from the Internet and see if that forces the stapled notarization to be used.
I'm just throwing stuff out there, by the way. Most of my knowledge of these things is what I've gleaned from you!
