Apple Sign In - Verification failed for domain

I'd suggest inspecting the response from the request that's sent when you click on the "Verify" button. We had trouble too, but inspecting the response gave us a little more information (here's an example of a response we got - with some info edited out. In this particular case we had a 301 redirect that Apple wasn't keen to follow.) -

{

"responseId": "...",

"resultCode": ...,

"resultString": "Verification failed for domain",

"userString": "Error occurred while trying to access 'https://.../.well-known/apple-developer-domain-association.txt'. Received HTTP error code '301'.",

"creationTimestamp": "...",

"protocolVersion": "...",

"userLocale": "en_US",

"requestUrl": "https://developer.apple.com/services-account/.../account/ios/identifiers/verifyDomain",

"httpCode": 200

}

I tried doing this, but it didn't give me any other great info:

{
     "responseId":"...",
     "resultCode":13004,
     "resultString":"Verification failed for domain",
     "userString":"Verification failed for domain",
     "creationTimestamp":"2019-09-06T...",
     "protocolVersion":"QH65B2",
     "userLocale":"en_US",
     "requestUrl":"https://developer.apple.com/services-account/QH65B2/account/ios/identifiers/verifyDomain",
     "httpCode":200
}

Please let me know if you hear something - I'm having the same issue as you.

I'm having the same issue. Apple support won't help me. It's really infuriating...

Same here!!

Help please

Other than the responseId and timestamp, I get that exact response as well. No clue what's going wrong except that logs seem to show 301s happening on the server end. The file is exactly where it's supposed to be 😟 as far as I can tell.

So, as it turns out, our problem was that by default, all traffic to ourdomain.com was redirected to www.ourdomain.com. Since Apple doesn't like to follow redirects, it was failing the validation. Had to modify our configuration specifically for this file/situation so the file could be accessed directly at ourdomain.com/.well-known/apple-developer-domain-association.txt and the validation succeeded.

Same problem here. Has anyone resolved this issue?

I e-mailed support and got this answer:

"Your server must support the Transport Layer Security (TLS) 1.2 protocol and one of the cipher suites listed below:

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

TLS_RSA_WITH_AES_128_GCM_SHA256

TLS_RSA_WITH_AES_128_CBC_SHA256

Please make sure your server meets these requirements and then place the file in a path starting with “https://“"

What I did was get an SSL Certificate from LetsEncrypt, then on my Digital Ocean server, set up the SSL Cipher to only be set to "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" and it then verified. Hope this helps anyone with this problem, this information should really be documented.

Thanks for your response. I'm still waiting for Apple to get back to me, but I expect they will say the same thing.

Our site actually supports most of those cipher suites, so I'm currently at a bit of a dead end. I can even see the requests coming in from apple to that path, and we're returning a 200 OK with the verification file.

Will keep investigating...

I was having the same issue and it turned out to be Cloudflare.

Based on a comment I read about redirects, I looked into my Cloudflare settings.

I turned off "Always Use HTTPS" and was able to successfully verify my domain.

Hope that helps you or perhaps someone else.

This wasn't the issue for me as my domain is currently https://abc.domain.io with no redirect.

I'm using AWS/S3/CloudFront to host the file, so I'm trying some different CloudFront settings. I'll report back if I can get those to work.

I am having this issue also - any resolution from anyone? I created a support case but Apple Support said it was nothing to do with them?? Just crazy!

The file they provided is available, at the exact URL they require, but verification fails, with no feedback or any details as to why.

Our company domain uses HTTPS, provided by LetsEncrypt / CertBot on Ubuntu 18, all working perfectly, all insecure cyphers removed and unavailable, so I don't think it is an https issue as with others.

Has anyone found any solution?

In general what it worked for us is to expose the file directry from the domain (e.g mydomain.com ). Apple trys to find the file by in the following directory https://mydomain.com/.well-known/apple-developer-domain-association.txtIf your web app redirect the mydomain.com to www.mydomain.com, the vrification will fail.

I guess apple does not like the redirect option.

Hello, do you have any updates regarding this verification? Are you able to verify now?