Apple Pay Integration Issue

App & System Services Apple Pay
basel360 OP
Created Feb ’21
Replies 5
Boosts 0
Views 1.5k
Participants 2

While trying to deploy our implementation for Apple Pay Integration on the backend side we faced an issue in verifying our domain on production environment. However on Dev environment everything is working well as expected.

This is the error that we currently face:

"Domain verification failed. Review your TLS Certificate configuration to confirm that the certificate is accessible and a supported TLS Cipher Suite is used."


Please note that both environments' domains are publicly accessible, hosted under Cloudflare, and both are behind Proxy.

I am attaching the configuration files for Ngnix used for both environment.

Adding to that we cannot disable proxy as it disables SSL.

Kindly advice.

Ngnix-Prod 1


Nginx-Dev 1


Replies  5
Boosts  0
Views  1.5k
Participants  2
Systems Engineer OP
Apple
Feb ’21

Please note that both environments' domains are publicly accessible, hosted under Cloudflare, and both are behind Proxy.

Try moving your domain out from behind a proxy. Note that this is a requirement from the Configuring Your Environment documentation. Just because it works in one in Environment does not mean it will work everywhere.

"Domains cannot be behind a proxy or redirect, and must be accessible to the Apple servers listed in Allow Apple IP Addresses for Domain Verification."

Next, if you are dynamically setting the Cipher Suites used there on your server then check that you are using one compatible with Apple Pays environment here.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

0
basel360 OP
Mar ’21
Hello Mat,
Thanks for following up with our case.

Regarding your suggestion, when we disabled proxy on Cloudflare, we lost our SSL certificate and the domain stopped supporting https. So we have to keep the proxy in order to stay on https and have a valid SSL certificates.

Kindly, advice about an alternative solution.

Regards
0
Systems Engineer OP
Apple
Mar ’21

we lost our SSL certificate and the domain stopped supporting https.

Are you able to setup TLS on your domain without being in front of a proxy?


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
0
basel360 OP
Mar ’21
Being the proxy present is a mandatory for setting up TLS on the domain with Cloudflare.
Please, be aware that our Dev Server is also behind a proxy within Cloudflare and its working perfectly so this shouldn't be cause
0
Systems Engineer OP
Apple
Mar ’21

Please, be aware that our Dev Server is also behind a proxy within Cloudflare and its working perfectly so this shouldn't be cause

Okay, if you have verified that the proxy is not affecting your service, then I would try and set your server logs to be as verbose as possible and take a look at what is happening while you test domain verification. Are you seeing the domain verification request hit your server in the access logs?


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
0
Apple Pay Integration Issue
First post date Last post date
 
 
Q