We are ready to submit our application to the Zoom Marketplace for approval but are stuck on an issue with webhook validation.
Our zoom webhook endpoint is a function app hosted on Azure. In the past, we have had no issues with validating it its default Azure domain.
However, after setting up a new domain (one that resolves to the exact same function app, running the exact same code as before), webhook validation fails with URL validation failed. Try again later.
Could it be that Zoom has a list of allowed issuers and GeoTrust Global is not among them? Or, could it be that RSA4096 is not supported?
Debugging We’ve Done
Confirmed the handler returns application/json (not text/plain).
Confirmed both endpoints behave identically with curl -v (HTTP/2, correct body).
Verified the TLS handshake and certificate chain using openssl s_client.
Considered whether HTTP/1.1 vs HTTP/2 differences matter (both endpoints support both).
Looked at DNS — the custom domain resolves correctly to the same IP as the Azure subdomain.
Ask
If anyone has run into this **“**works on default cloud domain but fails on custom domain” situation, especially on Azure App Service, please share how you solved it.
Thanks for sharing all the details — that really helps narrow things down. Since the same code works on the Azure domain but fails on your custom domain, the issue may be related to the TLS configuration rather than the webhook handler itself.
Browsers are often forgiving with SSL setups, but Zoom’s webhook validator is stricter. It could be that the custom domain isn’t serving the full certificate chain (leaf + intermediate(s) + root). If any intermediate is missing, Zoom won’t trust the connection even though SSL Labs and browsers show the cert as valid.
Here are some next steps to try:
Re-upload your SSL certificate to Azure App Service, making sure the entire certificate chain is included.
Verify with openssl s_client -connect webhooks.therassist.ai:443 -showcerts that the chain is complete.
If the issue persists, try issuing the cert with a standard RSA 2048-bit or ECC key instead of RSA 4096, just to rule out compatibility limits.
Double-check DNS records (A/AAAA) to ensure there’s no IPv6 resolution mismatch.
Once the chain is complete and bound correctly, webhook validation should succeed on the custom domain as it does on the default Azure domain.
If not resolved from the above, @kwaku.nyante can you chime in and help with next steps of manual validation? Thank you!
Sorry I responded to your DM its usually 48hr SLA from the time we recieve your information as we mentioned in the initial DM sent to you so please be patient.
I’m sorry - where can I find DMs? Or are you referring to your earlier replies in this thread?
What information is it that you need? I have tried all of the steps originally mentioned except issuing another cert with RSA 2048. If you need me to I can do that, but if we’re not certain that will fix the problem I was hoping we could move forward with manual validation to save any wasted effort.
Validation works on old domain: https://therassist-webhooks-prod.azurewebsites.net/api/zoomWebhook
Validation fails on new domain: https://webhooks.therassist.ai/zoomWebhook