Troubleshooting WAF Provisioning

Overview

The WAF provisioning process involves several automated steps: domain registration, firewall configuration, certificate issuance, and DNS verification. Occasionally the process can get stuck at one of these stages.

Common Issues

Stuck on “Initializing WAF Build”

This means the initial firewall instance is being created. If this stage persists for more than 15 minutes:

1. Check the Heroku app logs for any error messages
2. Verify your Heroku app is running and accessible at its .herokuapp.com URL
3. Contact us and we can manually trigger the provisioning step

Domain Verification Not Completing

If the setup is waiting for domain verification:

1. Confirm you have added the required DNS records (CNAME or TXT) exactly as shown on the setup page
2. Use a DNS lookup tool to verify the records are visible: dig CNAME _verification.yourdomain.com
3. DNS propagation can take up to 24 hours, though it is usually much faster

Certificate Not Issuing

If the setup is stuck at the certificate stage:

1. Check for CAA records on your domain that may be blocking certificate issuance
2. Verify the domain verification step completed successfully
3. Wildcard domains may require additional DNS records

Setup Page Shows Stale Information

If you believe a step has completed but the setup page hasn’t updated:

1. Refresh the page
2. Check the WAF dashboard for updated status

Starting Over

If the provisioning is stuck and cannot be resolved:

1. Remove the ExpeditedWAF addon from your Heroku app’s Resources tab
2. Wait a few minutes
3. Re-add the addon and begin the setup process again

This will not affect your Heroku application. The WAF is a separate proxy layer.

Need Help?

If your provisioning is stuck, please contact us so we can investigate:

• Contact us at support@expeditedsecurity.com
• Book a Call at https://app.harmonizely.com/expedited/30-min