ApplePay domain verification cipher suites

I have a client that I am trying to set up ApplePay for web for.

When verifying the domain in the Apple developer dashboard I am getting the error “Domain verification failed. Review your TLS Certificate configuration to confirm that the certificate is accessible and a supported TLS Cipher Suite is used.”

We know the issue is Cloudflare as putting the UAT site into bypass in CF allowed us to verify the domain correctly.

My client has CF Business and I have verified the cipher suites listed as required by Apple are available via CF using both ssllabs.com and the command openssl s_client -cipher 'ECDHE-ECDSA-AES128-GCM-SHA256' -connect example.com:443

Any ideas what the issue could be? The verification file is on the server and can be retrieved using browser/cURL.

The request is not even coming through to my load balancer (external to Cloudflare).

The error isn’t cipher-specific; it also mentions that maybe the certificate couldn’t be retrieved, which I would troubleshoot first.

The first thing I would check is if there are any requests blocked by the Firewall; features like Browser Integrity Check, WAF, Bot Management are known to block non-browser requests, which could cause the issue here.

If you would like, create a support ticket, and we can check the specifics. Feel free to post your ticket# here, or in a DM if you have the permission, and I can take a look today.

Another post in our community mentioned that they had to grey-cloud the domain while verifying. While this may work, it doesn’t explain the reason it fails while orange-clouded:

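A tighter version of the `openssl s_client -cipher` check quoted in the question, added here as an example and not taken from either post. In OpenSSL 1.1.1 and later, `-cipher` only filters TLS 1.2 and below, so an edge that negotiates TLS 1.3 completes the handshake without the named suite ever being tested. The function names, the `PROBE_HOST` variable and the sample summary lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example: confirm that a named TLS 1.2 suite is what actually gets
# negotiated, instead of trusting that the s_client handshake completed.

# Read `openssl s_client` output on stdin and print "<protocol> <cipher>".
# s_client prints one summary line of the form:
#   New, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
negotiated() {
  sed -n 's/^New, \([^,]*\), Cipher is \(.*\)$/\1 \2/p' | head -n 1
}

# Succeed only if the summary shows TLS 1.2 with exactly the wanted suite.
# "(NONE) (NONE)" is a failed handshake; a TLS_* name under TLSv1.3 means
# the -cipher filter was never exercised.
# usage: suite_matches "<protocol> <cipher>" <wanted-suite>
suite_matches() {
  sm_proto=${1%% *}
  sm_cipher=${1#* }
  [ "$sm_proto" = "TLSv1.2" ] && [ "$sm_cipher" = "$2" ]
}

# Live probe. -tls1_2 pins the protocol so -cipher decides the outcome;
# -servername sends SNI so the edge picks the right certificate.
# usage: probe <host> <suite>
probe() {
  pr_got=$(openssl s_client -tls1_2 -cipher "$2" -servername "$1" \
             -connect "$1:443" </dev/null 2>/dev/null | negotiated)
  if suite_matches "$pr_got" "$2"; then
    echo "OK   $1 $pr_got"
  else
    echo "FAIL $1 wanted=$2 got=${pr_got:-no handshake}"
    return 1
  fi
}

# Constructed s_client summary lines (not captured from a real host).
SAMPLE_TLS13='New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384'
SAMPLE_TLS12='New, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256'
SAMPLE_FAIL='New, (NONE), Cipher is (NONE)'

# Network access happens only when PROBE_HOST is set (hypothetical variable):
#   PROBE_HOST=example.com sh check_suite.sh
if [ -n "${PROBE_HOST:-}" ]; then
  probe "$PROBE_HOST" "${PROBE_SUITE:-ECDHE-ECDSA-AES128-GCM-SHA256}"
fi
```

Running the probe against the proxied hostname and then directly against the origin shows whether the two endpoints negotiate the same suite.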
