Webhooks URL validation fails only on new domain

API and Webhooks
,
1

Problem

We are ready to submit our application to the Zoom Marketplace for approval but are stuck on an issue with webhook validation.

Our zoom webhook endpoint is a function app hosted on Azure. In the past, we have had no issues with validating it its default Azure domain.

However, after setting up a new domain (one that resolves to the exact same function app, running the exact same code as before), webhook validation fails with URL validation failed. Try again later.

Screenshot 2025-09-17 at 3.08.48 PM
Screenshot 2025-09-17 at 3.08.48 PM1308×516 56.8 KB

(Note that we set up this new domain because the webhooks endpoint is required to be on the same domain as the rest of our app.)

Summary

TLS Certs

The only difference I can think of is the TLS certs. I have confirmed that the TLS cert for the new site is valid: SSL Server Test: webhooks.therassist.ai (Powered by Qualys SSL Labs)

Could it be that Zoom has a list of allowed issuers and GeoTrust Global is not among them? Or, could it be that RSA4096 is not supported?

Debugging We’ve Done

  • Confirmed the handler returns application/json (not text/plain).
  • Confirmed both endpoints behave identically with curl -v (HTTP/2, correct body).
  • Verified the TLS handshake and certificate chain using openssl s_client.
  • Considered whether HTTP/1.1 vs HTTP/2 differences matter (both endpoints support both).
  • Looked at DNS — the custom domain resolves correctly to the same IP as the Azure subdomain.

Ask

If anyone has run into this **“**works on default cloud domain but fails on custom domain” situation, especially on Azure App Service, please share how you solved it.

Thanks!

2

Hi @maxgerlock ,

Thanks for sharing all the details — that really helps narrow things down. Since the same code works on the Azure domain but fails on your custom domain, the issue may be related to the TLS configuration rather than the webhook handler itself.

Browsers are often forgiving with SSL setups, but Zoom’s webhook validator is stricter. It could be that the custom domain isn’t serving the full certificate chain (leaf + intermediate(s) + root). If any intermediate is missing, Zoom won’t trust the connection even though SSL Labs and browsers show the cert as valid.

Here are some next steps to try:

  • Re-upload your SSL certificate to Azure App Service, making sure the entire certificate chain is included.

  • Verify with openssl s_client -connect webhooks.therassist.ai:443 -showcerts that the chain is complete.

  • If the issue persists, try issuing the cert with a standard RSA 2048-bit or ECC key instead of RSA 4096, just to rule out compatibility limits.

  • Double-check DNS records (A/AAAA) to ensure there’s no IPv6 resolution mismatch.

Once the chain is complete and bound correctly, webhook validation should succeed on the custom domain as it does on the default Azure domain.

If not resolved from the above, @kwaku.nyante can you chime in and help with next steps of manual validation? Thank you!

4

@maxgerlock Sorry, never got a response here, but if you still need help, let me know so I can provide manual domain validation instructions.

5

Hi Kwaku, apologies for the delay in reply. Could you please provide instructions for manual verification?

6

Hey there, just checking in - @kwaku.nyante are you able to help me with manual validation?

7

Sorry I responded to your DM its usually 48hr SLA from the time we recieve your information as we mentioned in the initial DM sent to you so please be patient.

Regards, Kwaku

8

I’m sorry - where can I find DMs? Or are you referring to your earlier replies in this thread?

What information is it that you need? I have tried all of the steps originally mentioned except issuing another cert with RSA 2048. If you need me to I can do that, but if we’re not certain that will fix the problem I was hoping we could move forward with manual validation to save any wasted effort.

Thanks very much for your help!

9

I just sent you a DM @maxgerlock