Merchant verification failed for domain

Hi


We have a domain that originally validated successfully when uploading the .well-known/apple-developer-merchantid-domain-association.txt and I am currently successfully transacting Apple Pay payments.


Now we need to renew/verify again as the validation expires on the 10/01/2019 and I get the following error…


Verification failed for domain - Unable to establish a secure connection to 'https://{mydomain}/.well-known/apple-developer-merchantid-domain-association.txt'. Domain certificate is untrusted.


If I browse the .well-known URL all appears fine.


I have used Qualys SSL Labs https://www.ssllabs.com/ssltest/ who have rated the SSL A with Extended Validation.


The only difference I can see from when we previously verified and now is that we have a new SSL and the insecure TLS 1.0 is now disabled.


The issuer of the certificate is “COMODO RSA Extended Validation Secure Server CA”


Any help would be really appreciated.


Kind Regards


Luke

Replies

Just a quick update for anyone else having the same issues…


I was completely unable to get the Apple Merchant Domain Validation process to work using the latest certificate for COMODO RSA Extended Validation Secure Server CA.


I cross-checked all certificate requirements from the Apple Pay documentation with Comodo directly and everything suggests that it should work - however it fails every time. I can only assume that Apple don’t trust Comodo certificates or hasn’t updated its domain validation tool.


My workaround was to install a temporary 3 month certificate from letsencrypt.org and use it to validate the domain with Apple. Once validated I put back my Comodo certificate (my temporary certificate was only visible for 30 seconds).


Additionally, I was able to validate with TLS 1.0 disabled.


I don’t see this as a long-term solution but may help others in the same predicament.


Kind Regards


Luke

Thanks for sharing this information.

Do you know how this should work with local development?