Apple CDN returning 404 Not found for our universal Link domain.

App & System Services General
MadhurMohta OP
Created 4d
Replies 5
Boosts 0
Views 142
Participants 2

Hi Team,

Our universal links were working fine but since last week we are facing issues and when tapping the links outside app it takes to browser and not the app.

Apple CDN is returning 404 for our domain and not the contents of AASA file.

https://app-site-association.cdn-apple.com/a/v1/app.ooredoo.om

sudo swcutil dl -d app.ooredoo.om returns The operation couldn’t be completed. (SWCErrorDomain error 7.)

Can we get the exact issue apple is facing to cache the AASA file in CDN. Any server config which we need to do for AASA bot to access the file.

Thanks in advance.

Replies  5
Boosts  0
Views  142
Participants  2
DTS Engineer OP
Apple
4d

Thanks for the post, a quick request to the link you have provided and I get a HTTP 200 return:

curl -v https://app-site-association.cdn-apple.com/a/v1/app.ooredoo.om
* Host app-site-association.cdn-apple.com:443 was resolved.
* IPv6: 2620:149:a21:f000::137, 2620:149:a0c:f100::10, 2620:149:a00:f000::157, 2620:149:a0c:f000::1, 2620:149:a00:f000::158, 2620:149:a0d:f000::134, 2620:149:a21:f000::145, 2620:149:a0d:f000::146
* IPv4: 17.253.83.195, 17.253.5.133, 17.253.83.136, 17.193.136.202, 17.253.5.147, 17.253.17.203, 17.253.17.206, 17.193.136.201
*   Trying [2620:149:a21:f000::137]:443...
* Connected to app-site-association.cdn-apple.com (2620:149:a21:f000::137) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 / [blank] / UNDEF
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: C=US; ST=California; O=Apple Inc.; CN=app-site-association.cdn-apple.com
*  start date: Jun 15 23:51:02 2026 GMT
*  expire date: Sep  9 18:50:38 2026 GMT
*  subjectAltName: host "app-site-association.cdn-apple.com" matched cert's "app-site-association.cdn-apple.com"
*  issuer: C=US; O=Apple Inc.; CN=Apple Public Server ECC CA 1 - G1
*  SSL certificate verify ok.
* using HTTP/1.x
> GET /a/v1/app.ooredoo.om HTTP/1.1
> Host: app-site-association.cdn-apple.com
> User-Agent: curl/8.7.1
> Accept: */*
> 
* Request completely sent off
< HTTP/1.1 200 OK
< Server: AppleHttpServer/eb904970583abcdbe15e2c72bed201585ca041bc
< Date: Tue, 23 Jun 2026 19:58:06 GMT
< Content-Type: application/json
< Content-Length: 337
< Apple-From: https://app.ooredoo.om/.well-known/apple-app-site-association
< Apple-Origin-Format: json
< Cache-Control: max-age=21600,public
< Vary: Accept-Encoding
< X-B3-TraceId: a6c4d926d234b311
< Strict-Transport-Security: max-age=31536000
< Age: 2080
< Via: https/1.1 usmsc2-3p-pst-004.ts.apple.com (acdn/302.16436), http/1.1 usmsc2-3p-pac-004.ts.apple.com (acdn/302.16436), https/1.1 usmsc2-3p-pfe-016.ts.apple.com (acdn/302.16436), http/1.1 uslax1-edge-mx-012.ts.apple.com (acdn/7.17376), https/1.1 uslax1-edge-fx-015.ts.apple.com (acdn/302.16436)
< X-Cache: hit-stale, hit-fresh, hit-stale, hit-fresh, hit-stale
< CDNUUID: e8fedf6a-afd1-4d80-b455-7c60c19b3306-191851592
< Connection: keep-alive
< 
{
  "applinks": {
    "apps": [
      
    ],
    "details": [
      {
        "appIDs": [
          "ZU837R8FZZ.om.nawras.mynawras",
          "E2T3WF7746.com.cts.selfcare.ooredoo",
          "C4CVJ2YLUC.com.testNawras"
        ],
        "paths": [
          "NOT /og/*",
          "/*"
        ]
      }
    ]
  }
* Connection #0 to host app-site-association.cdn-apple.com left intact
}

I do not see any issue. Can you post the logs you are receiving?

Have you gone over the Tech Note? TN3155: Debugging universal links | Apple Developer Documentation

Do you need to provide private information and need to file a TSI to stay private?

If you need to provide me private links to your AASA file or sysdiagnose, please, I'd like you to submit a code-level support request so we can discuss this further privately. When you create the request, indicate that you were referred by me at Apple and make sure to include a link to this thread.

Thanks

Albert  WWDR
MadhurMohta OP
3d

Hi Albert, Thanks for the reply when I try the same command from Oman, I am getting Not found error.

What can be the reason for this ? Will caching across regions take time ?

PFB the logs.

madhurmohta@Mac ~ % curl -v https://app-site-association.cdn-apple.com/a/v1/app.ooredoo.om

  • Host app-site-association.cdn-apple.com:443 was resolved.
  • IPv6: 2a04:4e42:4b::774
  • IPv4: 199.232.59.6
  • Trying [2a04:4e42:4b::774]:443...
  • Trying 199.232.59.6:443...
  • Connected to app-site-association.cdn-apple.com (2a04:4e42:4b::774) port 443
  • ALPN: curl offers h2,http/1.1
  • (304) (OUT), TLS handshake, Client hello (1):
  • CAfile: /etc/ssl/cert.pem
  • CApath: none
  • (304) (IN), TLS handshake, Server hello (2):
  • (304) (IN), TLS handshake, Unknown (8):
  • (304) (IN), TLS handshake, Certificate (11):
  • (304) (IN), TLS handshake, CERT verify (15):
  • (304) (IN), TLS handshake, Finished (20):
  • (304) (OUT), TLS handshake, Finished (20):
  • SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 / [blank] / UNDEF
  • ALPN: server accepted h2
  • Server certificate:
  • subject: C=US; ST=California; O=Apple Inc.; CN=app-site-association.cdn-apple.com
  • start date: Apr 14 13:58:18 2026 GMT
  • expire date: Oct 20 18:52:53 2026 GMT
  • subjectAltName: host "app-site-association.cdn-apple.com" matched cert's "app-site-association.cdn-apple.com"
  • issuer: CN=Apple Public Server RSA CA 11 - G1; O=Apple Inc.; ST=California; C=US
  • SSL certificate verify ok.
  • using HTTP/2
  • [HTTP/2] [1] OPENED stream for https://app-site-association.cdn-apple.com/a/v1/app.ooredoo.om
  • [HTTP/2] [1] [:method: GET]
  • [HTTP/2] [1] [:scheme: https]
  • [HTTP/2] [1] [:authority: app-site-association.cdn-apple.com]
  • [HTTP/2] [1] [:path: /a/v1/app.ooredoo.om]
  • [HTTP/2] [1] [user-agent: curl/8.7.1]
  • [HTTP/2] [1] [accept: /]

GET /a/v1/app.ooredoo.om HTTP/2 Host: app-site-association.cdn-apple.com User-Agent: curl/8.7.1 Accept: /

  • Request completely sent off

< HTTP/2 404 < server: AppleHttpServer/eb904970583abcdbe15e2c72bed201585ca041bc < content-type: text/plain; charset=utf-8 < apple-failure-details: {"cause":"Connection timed out"}

< apple-failure-reason: SWCERR00301 Timeout < apple-from: https://app.ooredoo.om/.well-known/apple-app-site-association < apple-try-direct: true < cache-control: max-age=3600,public < x-b3-traceid: 0fd6691326c8dcf3 < strict-transport-security: max-age=31536000 < expires: Wed, 24 Jun 2026 05:02:07 GMT < via: http/1.1 defra2-vp-vst-004.ts.apple.com (acdn/302.16436), http/1.1 defra2-vp-vfe-020.ts.apple.com (acdn/302.16436), 1.1 varnish < cdnuuid: 3f1f8d26-281a-482c-92a1-2f25283a43da-593319714 < accept-ranges: bytes < age: 747 < date: Wed, 24 Jun 2026 05:14:14 GMT < x-cdn: fsly < x-served-by: cache-lon4252-LON < x-cache: hit-fresh, hit-fresh, MISS < x-cache-hits: 0 < x-timer: S1782278055.885982,VS0,VE39 < vary: Accept-Encoding < content-length: 10 < Not Found

  • Connection #0 to host app-site-association.cdn-apple.com left intact
DTS Engineer OP
Apple
3d

Thank you for your response. Upon reviewing your output, I observe that the request to the Apple CDN servers is functioning correctly. However, I note that the server you have provided does not accept all IP addresses and user-agents. It is imperative that your server be configured to accept all IP addresses and user-agents. Additionally, I have identified an issue with the AASA file format. It is crucial that you host the most recent version of the AASA file format. This information can be found in the Tech Note I provided in the previous post.

curl -A "MyAgent-Bot/*" https://app.ooredoo.om/.well-known/apple-app-site-association
{
  "applinks": {
    "apps": [
      
    ],
    "details": [
      {
        "appIDs": [
          "ZU837R8FZZ.om.nawras.mynawras",
          "E2T3WF7746.com.cts.selfcare.ooredoo",
          "C4CVJ2YLUC.com.testNawras"
        ],
        "paths": [
          "NOT /og/*",
          "/*"
        ]
      }
    ]
  }
}%

TN3155: Debugging universal links | Apple Developer Documentation

Albert  WWDR
MadhurMohta OP
2d

Hello team,

Thanks for the reply. We have a few questions which will help us in resolving the issue.

  1. Can you please help us with the ip details from where the request is being sent.
  2. Please share the NSlookup result for the same.

Thanks.

DTS Engineer OP
Apple
2d

@MadhurMohta Thanks for the post, I can't provide you the IP address because there are multiple servers around the world, that's why in the Tech Note we are asking you to open to all IP addresses TN3155: Debugging universal links | Apple Developer Documentation as well as all your customers will have different IP address, so please do not have a list of whitelisted IPs.

Without that, your solution won't work as explained in the Tech Note.

Albert  WWDR

Apple CDN returning 404 Not found for our universal Link domain.
First post date Last post date
 
 
Q