Cannot sign iOS app in Xcode - in a catch-22

Solution 1:

You seem to think that there's a contradiction between the two messages you receive, but actually they're saying the same thing.

You lack the private key for your iOS Distribution certificate on your computer. You cannot use the iOS Distribution certificate for signing anything without the private key.

You (or someone else on your team) have generated that private key at some point. If you have the private key on a different computer, in a backup, or can get it from someone else, you'll just need to export the key from that other computer and import it on this computer. Then you can proceed with automatic signing or manual signing like you have already done.

If you cannot recover the private key, you'll run into the message that you have seen saying that you cannot generate yet another iOS Distribution certificate as you have already reached your limit. You can overcome that by revoking your existing certificate(s). You do that on the developer web site in "Certificates, Identifiers & Profiles". Click "Certificates" in the menu on the left, click on your certificate and then click the red "Revoke" button.

After revoking your certificate, you can proceed with automatic signing and generate a new certificate.
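
To confirm whether this Mac actually holds the private key before revoking anything, the following added example (not part of the original answer) filters the output of `security find-identity -v -p codesigning`, which lists only certificates that have a matching private key in the keychain. The common-name prefixes it matches and the sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# A keychain "identity" is a certificate plus its private key, so a
# distribution certificate without its key never appears in this listing.

# Constructed sample output (hashes, names and team IDs are made up).
SAMPLE_WITH_KEY='  1) 1111111111111111111111111111111111111111 "Apple Development: Jane Doe (AAAAAAAAAA)"
  2) 2222222222222222222222222222222222222222 "iPhone Distribution: Example Corp (BBBBBBBBBB)"
     2 valid identities found'
SAMPLE_WITHOUT_KEY='  1) 1111111111111111111111111111111111111111 "Apple Development: Jane Doe (AAAAAAAAAA)"
     1 valid identities found'

# Reads find-identity output on stdin and prints "<sha1> <name>" for each
# distribution identity. Returns 1 when there is none.
# The name prefixes below are assumed; adjust them to your certificate.
distribution_identities() (
  out=$(grep -E '^ *[0-9]+\) [0-9A-F]{40} "(iPhone|iOS|Apple) Distribution: ' \
        | sed -E 's/^ *[0-9]+\) ([0-9A-F]{40}) "(.*)"$/\1 \2/')
  [ -n "$out" ] || exit 1
  printf '%s\n' "$out"
)

# Human-readable verdict for the listing on stdin; always returns 0.
report() {
  if ids=$(distribution_identities); then
    printf 'Distribution certificate with private key present:\n%s\n' "$ids"
  else
    printf 'No distribution identity here: the private key is missing.\n'
    printf 'Import it from another Mac or a backup, or revoke and reissue.\n'
  fi
}

# On a Mac, inspect the real keychain; elsewhere, show the missing-key case.
if command -v security >/dev/null 2>&1; then
  security find-identity -v -p codesigning | report
else
  printf '%s\n' "$SAMPLE_WITHOUT_KEY" | report
fi
```

If the certificate is visible in Keychain Access but absent from this listing, the key is what is missing, which is the situation described above.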