Hi, I’m looking for clarification on Apple Pay merchant domain verification behavior. Our production domain’s verification expiry was extended without any action from our team.
Previous expiry: May 21, 2026 Current expiry: October 6, 2026
The Verify button is greyed out, and we can’t download a new .txt file. We did not re‑verify the domain during this time. A few weeks prior, we did renew our Apple Pay Merchant Identity certificate for Apple Pay on the web.
Could someone clarify:
-
Does updating the Merchant Identity certificate trigger automatic domain revalidation or expiry extension? If so, why was the extension only 4 months?
-
Does Apple automatically revalidate or extend merchant domain verification? Is this expected behavior, or should domains always be manually re‑verified?
Hi @Mrudula_AMC,
You wrote:
- Does updating the Merchant Identity certificate trigger automatic domain revalidation or expiry extension? If so, why was the extension only 4 months?
Updating your Merchant Identity certificate does not trigger automatic domain revalidation or expiry extension. Merchant domain verification is unrelated to the process of updating your Merchant Identity certificate.
If your certificate was renewed in approximately early-to-mid October 2025, then October 6, 2026, is almost exactly one year from that event. This strongly suggests the new domain expiry was re-anchored to the certificate renewal date rather than the original domain verification date, yielding a fresh ~1-year window.
Then, you wrote:
- Does Apple automatically revalidate or extend merchant domain verification? Is this expected behavior, or should domains always be manually re‑verified?
Apple Pay periodically re-verifies your domain based on the expiration date of your domain's SSL certificate. Domain verification expires when your domain's SSL certificate expires. Apple servers attempt to re-verify the domain 30, 15, and 7 days before the SSL certificate expires by making a request to the same path used for the original verification process. If you update the SSL certificate before it expires, Apple detects the renewed certificate, and the domain remains verified without further action on your part.
If automatic re-verification fails, or if the SSL certificate expires and is not replaced before expiring, you may need to manually re-verify the domain. This involves downloading and placing a new verification file on your server and redoing domain verification in your Apple Developer Account.
To learn more, see TN3173: Troubleshooting issues with your Apple Pay merchant identifier configuration
Cheers,
Paris X Pinkney | WWDR | DTS Engineer
