How can I stop needing to verify my Merchant Domain manually every month?

Our client's site uses Apple Pay, and once a month we get a series of emails notifying us that the domain verification is about to expire:

Your website domain that uses Apple Pay has an SSL Certificate that expires on Oct 11, 2020. We were unable to automatically to reverify your domain. To ensure uninterrupted use of Apple Pay on your website, revalidate your domain by Oct 11, 2020 in Certificates, Identifiers & Profiles.


The site uses Let's Encrypt to automatically renew its SSL cert monthly.

Every time that happens, we need to log into the Apple Developer tools, navigate to Certificates, Identifiers, and Profiles -> Identifiers -> Merchant IDs -> ID -> Merchant Domains, then download the file and drop it onto the server with SFTP. It's a pain.

Is there a way to automate this process (or better yet, stop it from happening)? I can't imagine monthly-renewing SSL certificates is a particularly uncommon thing.

  • I have the same problem... did you find a solution to this? The verification is active for 2 months for me, then I have to download a new domain verification key and upload to my host. A pain in the *** when you manage several domains and merchant ids...


Replies

Sorry I don't have any suggestions, but I'd love to see Apple implement a better procedure for this as well. +1
I have the same problem.

According to the manual https://developer.apple.com/documentation/apple_pay_on_the_web/maintaining_your_environment

Make sure that the specified URL you originally used when validating the merchant domain is accessible to Apple servers listed in Allow Apple IP Addresses for Domain Verification. The URL may be similar to

https://yourdomain.com/.well-known/apple-developer-merchantid-domain-association.

I am sure that Apple's IP is not blocked, and the Let's Encrypt SSL certificate has automatically renewed before expiring. But these URLs cannot be found in the access logs:

https://mydomain.com/.well-known/apple-developer-merchantid-domain-association or https://mydomain.com/.well-known/apple-developer-merchantid-domain-association.txt


What is wrong with Apple's automatic verification?




I have this same problem and my certificate isn't about to expire, this looks more to be a bug in Apple's process than anything.
We have exactly the same issue at our company. The initial verification passes, we keep the verification files on the server and still the automatic reverification fails. I even set up some logging, and I see some accesses from the IPs listed in Apple's docs but they're just visits to the homepage, not the verification file. Usually there's two of them in short succession. We return HTTP 200 to both. Verification still fails :-/
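
A log check along the lines described in the post above, as an added example that is not part of the original thread. It assumes Combined Log Format access logs; the function name `summarize` is hypothetical, and the 192.0.2.0/24 range is a documentation placeholder standing in for the addresses Apple lists under Allow Apple IP Addresses for Domain Verification.

```python
import ipaddress
import re

# Verification path quoted from Apple's documentation earlier in this thread.
ASSOC_PATH = "/.well-known/apple-developer-merchantid-domain-association"
# Placeholder (RFC 5737 documentation range). Replace with the ranges from
# Apple's "Allow Apple IP Addresses for Domain Verification" list.
VERIFIER_NETS = [ipaddress.ip_network("192.0.2.0/24")]
# Combined Log Format: ip ident user [time] "METHOD target proto" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def summarize(lines, nets=VERIFIER_NETS):
    """Split requests from verifier ranges into association-file hits and other paths."""
    result = {"assoc_ok": [], "assoc_failed": [], "other_paths": [], "unparsed": 0}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            result["unparsed"] += 1
            continue
        ip, when, method, target, status = m.groups()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:  # hostname or garbage in the client field
            result["unparsed"] += 1
            continue
        if not any(addr in net for net in nets):
            continue  # not from a verifier range, ignore
        path = target.split("?", 1)[0]
        entry = (when, ip, method, path, int(status))
        if path in (ASSOC_PATH, ASSOC_PATH + ".txt"):
            key = "assoc_ok" if status == "200" else "assoc_failed"
            result[key].append(entry)
        else:
            result["other_paths"].append(entry)
    return result

# Constructed sample lines (not real traffic): two homepage visits from the
# placeholder range, one unrelated client, one 404 on the .txt variant.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2020:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.10 - - [01/Oct/2020:10:00:03 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [01/Oct/2020:10:05:00 +0000] "GET ' + ASSOC_PATH + ' HTTP/1.1" 200 9000 "-" "-"',
    '192.0.2.44 - - [01/Oct/2020:11:00:00 +0000] "GET ' + ASSOC_PATH + '.txt HTTP/1.1" 404 150 "-" "-"',
    "truncated or malformed line",
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

Feed it the server's real access log lines in place of `SAMPLE_LOG`; an empty `assoc_ok` alongside a non-empty `other_paths` matches what the post above reports.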
We've got the same issue here - initial verification process passes without any issues but the reverification just never happens. SSL certs have been renewed but Apple just never becomes aware of that.
Have had the same issue for the past 8 months. Our merchant domain association text files are publicly accessible. We use Let's Encrypt certs that are definitely renewed at least 10 days before expiration. Generally they are renewed 30 days before. It's really frustrating to have to manually update the certs every 2 months for all our environments.

Anyone solve this for Let's Encrypt?

Hi All, we are facing the same scenario here. In the end, did any of you have to reupload the .txt files or take any other action? Domain shows as verified and our SSL certs for the server have been renewed. Or was it an issue on Apple's side?

Can someone from Apple respond to this? This is a bit of a deal breaker for implementing Apple Pay on our sites. We have around 300 of them and if we have to manually upload and verify for every domain AND revalidate once our SSL certs are renewed then it's not really a viable payment solution.

Any updates on this issue? Looking to automate the process, but I would need an API from Apple to query in order to pull down the domain validation string.


We are also having this issue on multiple domains. The domains will validate at first with no issue then consistently fail to automatically revalidate even when the SSL certs are properly renewed and the domain validation file still shows.

There is also no visibility into why the domains are failing validation from the developer console and no API to automate monitoring.