Apple CDN returning 404 Not found for our universal Link domain.

Hi Team,

Our universal links were working fine but since last week we are facing issues and when tapping the links outside app it takes to browser and not the app.

Apple CDN is returning 404 for our domain and not the contents of AASA file.

https://app-site-association.cdn-apple.com/a/v1/app.ooredoo.om

sudo swcutil dl -d app.ooredoo.om returns The operation couldn’t be completed. (SWCErrorDomain error 7.)

Can we get the exact issue apple is facing to cache the AASA file in CDN. Any server config which we need to do for AASA bot to access the file.

Thanks in advance.

Thanks for the post, a quick request to the link you have provided and I get a HTTP 200 return:

curl -v https://app-site-association.cdn-apple.com/a/v1/app.ooredoo.om
* Host app-site-association.cdn-apple.com:443 was resolved.
* IPv6: 2620:149:a21:f000::137, 2620:149:a0c:f100::10, 2620:149:a00:f000::157, 2620:149:a0c:f000::1, 2620:149:a00:f000::158, 2620:149:a0d:f000::134, 2620:149:a21:f000::145, 2620:149:a0d:f000::146
* IPv4: 17.253.83.195, 17.253.5.133, 17.253.83.136, 17.193.136.202, 17.253.5.147, 17.253.17.203, 17.253.17.206, 17.193.136.201
*   Trying [2620:149:a21:f000::137]:443...
* Connected to app-site-association.cdn-apple.com (2620:149:a21:f000::137) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 / [blank] / UNDEF
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: C=US; ST=California; O=Apple Inc.; CN=app-site-association.cdn-apple.com
*  start date: Jun 15 23:51:02 2026 GMT
*  expire date: Sep  9 18:50:38 2026 GMT
*  subjectAltName: host "app-site-association.cdn-apple.com" matched cert's "app-site-association.cdn-apple.com"
*  issuer: C=US; O=Apple Inc.; CN=Apple Public Server ECC CA 1 - G1
*  SSL certificate verify ok.
* using HTTP/1.x
> GET /a/v1/app.ooredoo.om HTTP/1.1
> Host: app-site-association.cdn-apple.com
> User-Agent: curl/8.7.1
> Accept: */*
> 
* Request completely sent off
< HTTP/1.1 200 OK
< Server: AppleHttpServer/eb904970583abcdbe15e2c72bed201585ca041bc
< Date: Tue, 23 Jun 2026 19:58:06 GMT
< Content-Type: application/json
< Content-Length: 337
< Apple-From: https://app.ooredoo.om/.well-known/apple-app-site-association
< Apple-Origin-Format: json
< Cache-Control: max-age=21600,public
< Vary: Accept-Encoding
< X-B3-TraceId: a6c4d926d234b311
< Strict-Transport-Security: max-age=31536000
< Age: 2080
< Via: https/1.1 usmsc2-3p-pst-004.ts.apple.com (acdn/302.16436), http/1.1 usmsc2-3p-pac-004.ts.apple.com (acdn/302.16436), https/1.1 usmsc2-3p-pfe-016.ts.apple.com (acdn/302.16436), http/1.1 uslax1-edge-mx-012.ts.apple.com (acdn/7.17376), https/1.1 uslax1-edge-fx-015.ts.apple.com (acdn/302.16436)
< X-Cache: hit-stale, hit-fresh, hit-stale, hit-fresh, hit-stale
< CDNUUID: e8fedf6a-afd1-4d80-b455-7c60c19b3306-191851592
< Connection: keep-alive
< 
{
  "applinks": {
    "apps": [
      
    ],
    "details": [
      {
        "appIDs": [
          "ZU837R8FZZ.om.nawras.mynawras",
          "E2T3WF7746.com.cts.selfcare.ooredoo",
          "C4CVJ2YLUC.com.testNawras"
        ],
        "paths": [
          "NOT /og/*",
          "/*"
        ]
      }
    ]
  }
* Connection #0 to host app-site-association.cdn-apple.com left intact
}

I do not see any issue. Can you post the logs you are receiving?

Have you gone over the Tech Note? TN3155: Debugging universal links | Apple Developer Documentation

Do you need to provide private information and need to file a TSI to stay private?

If you need to provide me private links to your AASA file or sysdiagnose, please, I'd like you to submit a code-level support request so we can discuss this further privately. When you create the request, indicate that you were referred by me at Apple and make sure to include a link to this thread.

Thanks

Albert  WWDR

Hi Albert, Thanks for the reply when I try the same command from Oman, I am getting Not found error.

What can be the reason for this ? Will caching across regions take time ?

PFB the logs.

madhurmohta@Mac ~ % curl -v https://app-site-association.cdn-apple.com/a/v1/app.ooredoo.om

  • Host app-site-association.cdn-apple.com:443 was resolved.
  • IPv6: 2a04:4e42:4b::774
  • IPv4: 199.232.59.6
  • Trying [2a04:4e42:4b::774]:443...
  • Trying 199.232.59.6:443...
  • Connected to app-site-association.cdn-apple.com (2a04:4e42:4b::774) port 443
  • ALPN: curl offers h2,http/1.1
  • (304) (OUT), TLS handshake, Client hello (1):
  • CAfile: /etc/ssl/cert.pem
  • CApath: none
  • (304) (IN), TLS handshake, Server hello (2):
  • (304) (IN), TLS handshake, Unknown (8):
  • (304) (IN), TLS handshake, Certificate (11):
  • (304) (IN), TLS handshake, CERT verify (15):
  • (304) (IN), TLS handshake, Finished (20):
  • (304) (OUT), TLS handshake, Finished (20):
  • SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 / [blank] / UNDEF
  • ALPN: server accepted h2
  • Server certificate:
  • subject: C=US; ST=California; O=Apple Inc.; CN=app-site-association.cdn-apple.com
  • start date: Apr 14 13:58:18 2026 GMT
  • expire date: Oct 20 18:52:53 2026 GMT
  • subjectAltName: host "app-site-association.cdn-apple.com" matched cert's "app-site-association.cdn-apple.com"
  • issuer: CN=Apple Public Server RSA CA 11 - G1; O=Apple Inc.; ST=California; C=US
  • SSL certificate verify ok.
  • using HTTP/2
  • [HTTP/2] [1] OPENED stream for https://app-site-association.cdn-apple.com/a/v1/app.ooredoo.om
  • [HTTP/2] [1] [:method: GET]
  • [HTTP/2] [1] [:scheme: https]
  • [HTTP/2] [1] [:authority: app-site-association.cdn-apple.com]
  • [HTTP/2] [1] [:path: /a/v1/app.ooredoo.om]
  • [HTTP/2] [1] [user-agent: curl/8.7.1]
  • [HTTP/2] [1] [accept: /]

GET /a/v1/app.ooredoo.om HTTP/2 Host: app-site-association.cdn-apple.com User-Agent: curl/8.7.1 Accept: /

  • Request completely sent off

< HTTP/2 404 < server: AppleHttpServer/eb904970583abcdbe15e2c72bed201585ca041bc < content-type: text/plain; charset=utf-8 < apple-failure-details: {"cause":"Connection timed out"}

< apple-failure-reason: SWCERR00301 Timeout < apple-from: https://app.ooredoo.om/.well-known/apple-app-site-association < apple-try-direct: true < cache-control: max-age=3600,public < x-b3-traceid: 0fd6691326c8dcf3 < strict-transport-security: max-age=31536000 < expires: Wed, 24 Jun 2026 05:02:07 GMT < via: http/1.1 defra2-vp-vst-004.ts.apple.com (acdn/302.16436), http/1.1 defra2-vp-vfe-020.ts.apple.com (acdn/302.16436), 1.1 varnish < cdnuuid: 3f1f8d26-281a-482c-92a1-2f25283a43da-593319714 < accept-ranges: bytes < age: 747 < date: Wed, 24 Jun 2026 05:14:14 GMT < x-cdn: fsly < x-served-by: cache-lon4252-LON < x-cache: hit-fresh, hit-fresh, MISS < x-cache-hits: 0 < x-timer: S1782278055.885982,VS0,VE39 < vary: Accept-Encoding < content-length: 10 < Not Found

  • Connection #0 to host app-site-association.cdn-apple.com left intact

Thank you for your response. Upon reviewing your output, I observe that the request to the Apple CDN servers is functioning correctly. However, I note that the server you have provided does not accept all IP addresses and user-agents. It is imperative that your server be configured to accept all IP addresses and user-agents. Additionally, I have identified an issue with the AASA file format. It is crucial that you host the most recent version of the AASA file format. This information can be found in the Tech Note I provided in the previous post.

curl -A "MyAgent-Bot/*" https://app.ooredoo.om/.well-known/apple-app-site-association
{
  "applinks": {
    "apps": [
      
    ],
    "details": [
      {
        "appIDs": [
          "ZU837R8FZZ.om.nawras.mynawras",
          "E2T3WF7746.com.cts.selfcare.ooredoo",
          "C4CVJ2YLUC.com.testNawras"
        ],
        "paths": [
          "NOT /og/*",
          "/*"
        ]
      }
    ]
  }
}%                  

TN3155: Debugging universal links | Apple Developer Documentation

Albert  WWDR

Hello team,

Thanks for the reply. We have a few questions which will help us in resolving the issue.

  1. Can you please help us with the ip details from where the request is being sent.
  2. Please share the NSlookup result for the same.

Thanks.

@MadhurMohta Thanks for the post, I can't provide you the IP address because there are multiple servers around the world, that's why in the Tech Note we are asking you to open to all IP addresses TN3155: Debugging universal links | Apple Developer Documentation as well as all your customers will have different IP address, so please do not have a list of whitelisted IPs.

Without that, your solution won't work as explained in the Tech Note.

Albert  WWDR

Hi Albert,

Thanks for the reply. I have informed the network team to open traffic and to not block any IP's. Still CDN returns Not found. PFB the logs which I received from network team related to AASA Bot. We are returning 200 still CDN returns not found. Can you please check the issue once and if anything is needed further from our side

10.125.2.254 - - [02/Jul/2026:03:26:16 +0400] "GET /.well-known/apple-app-site-association HTTP/1.1" 200 337 "-" "AASA-Bot/1.0.0" "-"

10.125.2.254 - - [02/Jul/2026:03:30:42 +0400] "GET /.well-known/apple-app-site-association HTTP/1.1" 200 337 "-" "AASA-Bot/1.0.0" "-"

10.125.2.254 - - [02/Jul/2026:04:17:08 +0400] "GET /.well-known/apple-app-site-association HTTP/1.1" 200 337 "-" "AASA-Bot/1.0.0" "-"

10.125.2.254 - - [02/Jul/2026:04:26:33 +0400] "GET /.well-known/apple-app-site-association HTTP/1.1" 200 337 "-" "AASA-Bot/1.0.0" "-"

10.125.2.254 - - [02/Jul/2026:07:59:35 +0400] "GET /.well-known/apple-app-site-association HTTP/1.1" 200 337 "-" "swcd (unknown version) CFNetwork/1128.0.1 Darwin/19.6.0" "-"

10.125.2.254 - - [02/Jul/2026:09:30:48 +0400] "GET /.well-known/apple-app-site-association HTTP/1.1" 200 337 "-" "AASA-Bot/1.0.0" "-"

10.125.2.254 - - [02/Jul/2026:09:31:24 +0400] "GET /.well-known/apple-app-site-association HTTP/1.1" 200 337 "-" "AASA-Bot/1.0.0" "-"

10.125.2.254 - - [02/Jul/2026:09:52:14 +0400] "GET /.well-known/apple-app-site-association HTTP/1.1" 200 337 "-" "swcd (unknown version) CFNetwork/1125.2 Darwin/19.4.0" "-"

10.125.2.254 - - [02/Jul/2026:10:20:02 +0400] "GET /.well-known/apple-app-site-association HTTP/1.1" 200 337 "-" "AASA-Bot/1.0.0" "-"

10.125.2.254 - - [02/Jul/2026:10:42:35 +0400] "GET /.well-known/apple-app-site-association HTTP/1.1" 200 337 "-" "AASA-Bot/1.0.0" "-"

@MadhurMohta Thanks for the reply, can you please provide me the url you are requesting?

Also can you update your AASA file to the current format?

{
  "applinks": {
    "apps": [
      
    ],
    "details": [
      {
        "appIDs": [
          "ZU837R8FZZ.om.nawras.mynawras",
          "E2T3WF7746.com.cts.selfcare.ooredoo",
          "C4CVJ2YLUC.com.testNawras"
        ],
        "paths": [
          "NOT /og/*",
          "/*"
        ]
      }
    ]
  }

Please looks at the AASA format where instead of path uses components.

"applinks": {
    "apps": [],
    "details": [
      {
        "appIDs": [
          "W74U47NE8E.com.apple.store.Jolly"
        ],
        "components": [
          {
            "/": "/ru/*",
            "exclude": true
          },

Thanks

Albert  WWDR

Hi Albert,

URL - https://app.ooredoo.om/.well-known/apple-app-site-association is the url where we hosted AASA file.

AASA BOT will access this URL.

Will old format cause caching issues. We will update to the new format today.

Regards,

Hi Albert,

New AASA format is live now. Please validate once at the same URL. Will the APPLE CDN face issues while caching the AASA if it's in OLD format ?

Thanks got the new AASA file and looks great, old format only causes issues in the client not the server as far as I know.

Thanks

Albert  WWDR

Hi Albert,

thanks for the reply. We are still facing the Not Found error on Apple CDN. Even AASA bot has received 200 status code from our network.

[root@saddlpr01 giri]# grep "apple-app-site-association" /var/log/nginx/access.log

10.125.2.254 - - [07/Jul/2026:05:00:08 +0400] "GET /.well-known/apple-app-site-association HTTP/1.1" 200 434 "-" "AASA-Bot/1.0.0" "-"

10.125.2.254 - - [07/Jul/2026:05:10:07 +0400] "GET /.well-known/apple-app-site-association HTTP/1.1" 200 434 "-" "swcd (unknown version) CFNetwork/1126 Darwin/19.5.0" "-"

10.125.2.254 - - [07/Jul/2026:07:33:53 +0400] "GET /.well-known/apple-app-site-association HTTP/1.1" 200 434 "-" "swcd (unknown version) CFNetwork/1128.0.1 Darwin/19.6.0" "-"

10.125.2.254 - - [07/Jul/2026:07:36:35 +0400] "GET /.well-known/apple-app-site-association HTTP/1.1" 200 434 "-" "AASA-Bot/1.0.0" "-"

10.125.2.254 - - [07/Jul/2026:08:31:30 +0400] "GET /.well-known/apple-app-site-association HTTP/1.1" 200 434 "-" "AASA-Bot/1.0.0" "-"

10.125.2.254 - - [07/Jul/2026:09:17:46 +0400] "GET /.well-known/apple-app-site-association HTTP/1.1" 200 434 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/26.3.1 Safari/605.1.15" "-"

Why is the caching still not working. Please help us here as it's causing user impact. This URL is returning 404.

https://app-site-association.cdn-apple.com/a/v1/app.ooredoo.om

All my requests to the Apple CDN for your domain return a AASA file!

curl -v https://app-site-association.cdn-apple.com/a/v1/app.ooredoo.om

* Host app-site-association.cdn-apple.com:443 was resolved.
* IPv6: 2620:149:a21:f000::138, 2620:149:a21:f000::154, 2620:149:a00:f000::162, 2620:149:a0d:f000::139, 2620:149:a0c:f000::9, 2620:149:a0c:f100::4, 2620:149:a00:f000::138, 2620:149:a0d:f000::146
* IPv4: 17.253.83.132, 17.253.83.134, 17.253.5.159, 17.193.136.202, 17.193.136.201, 17.253.17.208, 17.253.17.205, 17.253.5.142
*   Trying [2620:149:a21:f000::138]:443...
* Connected to app-site-association.cdn-apple.com (2620:149:a21:f000::138) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 / [blank] / UNDEF
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: C=US; ST=California; O=Apple Inc.; CN=app-site-association.cdn-apple.com
*  start date: Jun 15 23:51:02 2026 GMT
*  expire date: Sep  9 18:50:38 2026 GMT
*  subjectAltName: host "app-site-association.cdn-apple.com" matched cert's "app-site-association.cdn-apple.com"
*  issuer: C=US; O=Apple Inc.; CN=Apple Public Server ECC CA 1 - G1
*  SSL certificate verify ok.
* using HTTP/1.x
> GET /a/v1/app.ooredoo.om HTTP/1.1
> Host: app-site-association.cdn-apple.com
> User-Agent: curl/8.7.1
> Accept: */*
> 
* Request completely sent off
< HTTP/1.1 200 OK
< Server: AppleHttpServer/eb904970583abcdbe15e2c72bed201585ca041bc
< Date: Tue, 07 Jul 2026 13:50:30 GMT
< Content-Type: application/json
< Content-Length: 434
< Apple-From: https://app.ooredoo.om/.well-known/apple-app-site-association
< Apple-Origin-Format: json
< Cache-Control: max-age=21600,public
< Vary: Accept-Encoding
< X-B3-TraceId: 08ba49a141541450
< Strict-Transport-Security: max-age=31536000
< Age: 9850
< Via: https/1.1 usmsc2-3p-pst-004.ts.apple.com (acdn/4.16518), http/1.1 usmsc2-3p-pac-004.ts.apple.com (acdn/302.16436), http/1.1 usmsc2-3p-pfe-003.ts.apple.com (acdn/302.16436), https/1.1 uslax1-edge-mx-012.ts.apple.com (acdn/9.17424), https/1.1 uslax1-edge-fx-016.ts.apple.com (acdn/302.16436)
< X-Cache: hit-stale, hit-fresh, hit-fresh, miss, miss
< CDNUUID: 3e036437-a7bf-4c28-957b-bdcccb634f10-1046996193
< Connection: keep-alive
< 
{
  "applinks": {
    "apps": [
      
    ],
    "details": [
      {
        "appIDs": [
          "ZU837R8FZZ.om.nawras.mynawras",
          "E2T3WF7746.com.cts.selfcare.ooredoo",
          "C4CVJ2YLUC.com.testNawras"
        ],
        "components": [
          {
            "/": "/og/*",
            "exclude": true
          },
          {
            "/": "/*"
          }
        ]
      }
    ]
  }
* Connection #0 to host app-site-association.cdn-apple.com left intact
}%

Can you please copy and paste my request and provide me the output showing the 404?

Thanks

Albert  WWDR

Kindly investigate and let us know why the Apple CDN is not caching the AASA file for our domain (app.ooredoo.om). To verify our configuration, we tested the AASA file by executing the following curl requests, and the responses appear to be as expected:

curl -i http://saddlpr01/.well-known/apple-app-site-association HTTP/1.1 200 Server: nginx Date: Sun, 12 Jul 2026 05:06:10 GMT Content-Type: application/json Content-Length: 434 Connection: keep-alive X-Content-Type-Options: nosniff X-Frame-Options: DENY X-XSS-Protection: 1; mode=block Strict-Transport-Security: max-age=63072000; includeSubDomains Referrer-Policy: no-referrer Content-Security-Policy: default-src 'self' Permissions-Policy: geolocation=(), camera=(), microphone=()

{ "applinks": { "apps": [

],
"details": [
  {
    "appIDs": [
      "ZU837R8FZZ.om.nawras.mynawras",
      "E2T3WF7746.com.cts.selfcare.ooredoo",
      "C4CVJ2YLUC.com.testNawras"
    ],
    "components": [
      {
        "/": "/og/*",
        "exclude": true
      },
      {
        "/": "/*"
      }
    ]
  }
]

} }

Scenario 2: HTTP HEAD request to our domain's AASA file. url -I https://app.ooredoo.om/.well-known/apple-app-site-association HTTP/1.1 200 Server: nginx Date: Sun, 12 Jul 2026 05:29:51 GMT Content-Type: application/json Content-Length: 434 Connection: keep-alive X-Content-Type-Options: nosniff X-Frame-Options: DENY X-XSS-Protection: 1; mode=block Strict-Transport-Security: max-age=63072000; includeSubDomains Referrer-Policy: no-referrer Content-Security-Policy: default-src 'self' Permissions-Policy: geolocation=(), camera=(), microphone=() Set-Cookie: cookiesession1=678B28D2C0D04C8F3D1D3EBEA3352FAF;Expires=Mon, 12 Jul 2027 05:29:51 GMT;Path=/;HttpOnly Scenario 3: HTTP request to our domain's AASA file using verbose (-v) mode. curl -v https://app.ooredoo.om/.well-known/apple-app-site-association

  • Host app.ooredoo.om:443 was resolved.
  • IPv6: (none)
  • IPv4: 10.125.120.101
  • Trying 10.125.120.101:443...
  • schannel: disabled automatic use of client certificate
  • ALPN: curl offers http/1.1
  • ALPN: server accepted http/1.1
  • Established connection to app.ooredoo.om (10.125.120.101 port 443) from 127.0.0.1 port 59690
  • using HTTP/1.x

GET /.well-known/apple-app-site-association HTTP/1.1 Host: app.ooredoo.om User-Agent: curl/8.19.0 Accept: /

  • Request completely sent off

< HTTP/1.1 200 < Server: nginx < Date: Sun, 12 Jul 2026 12:12:46 GMT < Content-Type: application/json < Content-Length: 434 < Connection: keep-alive < X-Content-Type-Options: nosniff < X-Frame-Options: DENY < X-XSS-Protection: 1; mode=block < Strict-Transport-Security: max-age=63072000; includeSubDomains < Referrer-Policy: no-referrer < Content-Security-Policy: default-src 'self' < Permissions-Policy: geolocation=(), camera=(), microphone=() < Set-Cookie: cookiesession1=678B28D2A6B4CEA0CA982D821C182EC7;Expires=Mon, 12 Jul 2027 12:12:46 GMT;Path=/;HttpOnly < { "applinks": { "apps": [

],
"details": [
  {
    "appIDs": [
      "ZU837R8FZZ.om.nawras.mynawras",
      "E2T3WF7746.com.cts.selfcare.ooredoo",
      "C4CVJ2YLUC.com.testNawras"
    ],
    "components": [
      {
        "/": "/og/*",
        "exclude": true
      },
      {
        "/": "/*"
      }
    ]
  }
]

} }* Connection #0 to host app.ooredoo.om:443 left intact

Please review the issue and advise why the Apple CDN is not caching the AASA file despite the above request responses.

Thanks for another post, it seems like we are going in circles, the request to your server returns an HTTP 301 therefore based on the documentation the server will not download the AASA with redirections.

This is the first time you gave me the url http://saddlpr01/.well-known/apple-app-site-association I would personally recommend to simplify your solution.

curl -v http://saddlpr01/.well-known/apple-app-site-association
* Host saddlpr01:80 was resolved.
* IPv6: (none)
* IPv4: 20.29.134.18
*   Trying 20.29.134.18:80...
* Connected to saddlpr01 (20.29.134.18) port 80
> GET /.well-known/apple-app-site-association HTTP/1.1
> Host: saddlpr01
> User-Agent: curl/8.7.1
> Accept: */*
> 
* Request completely sent off
< HTTP/1.1 301 Moved Permanently
< Content-Length: 0
< Location: https://saddlpr01/.well-known/apple-app-site-association
< 
* Connection #0 to host saddlpr01 left intact

Please keep this Tech Note handy when finding issues as will have answers to all those issues TN3155: Debugging universal links | Apple Developer Documentation

Once everything works correctly on your servers, the Apple CDNs will be able to sync your file. If you can't find a recent version of your AASA file, I would recommend to look at your servers again.

Albert  WWDR

The SADDL01 is our internal please ignore that - Kindly investigate the below URLS and let us know why the Apple CDN is not caching the AASA file for our domain (app.ooredoo.om).

To verify our configuration, we tested the AASA file by executing the following curl requests, and the responses appear to be as expected:

Scenario 1: HTTP GET request to our domain's AASA file. curl -i https://app.ooredoo.om/.well-known/apple-app-site-association

HTTP/1.1 200

Server: nginx

Date: Sun, 12 Jul 2026 05:06:10 GMT

Content-Type: application/json

Content-Length: 434

Connection: keep-alive

X-Content-Type-Options: nosniff

X-Frame-Options: DENY

X-XSS-Protection: 1; mode=block

Strict-Transport-Security: max-age=63072000; includeSubDomains

Referrer-Policy: no-referrer

Content-Security-Policy: default-src 'self'

Permissions-Policy: geolocation=(), camera=(), microphone=()

{

"applinks": {

"apps": [



],

"details": [

  {

    "appIDs": [

      "ZU837R8FZZ.om.nawras.mynawras",

      "E2T3WF7746.com.cts.selfcare.ooredoo",

      "C4CVJ2YLUC.com.testNawras"

    ],

    "components": [

      {

        "/": "/og/*",

        "exclude": true

      },

      {

        "/": "/*"

      }

    ]

  }

]

}

}

Scenario 2: HTTP HEAD request to our domain's AASA file. curl -I https://app.ooredoo.om/.well-known/apple-app-site-association

HTTP/1.1 200

Server: nginx

Date: Sun, 12 Jul 2026 05:29:51 GMT

Content-Type: application/json

Content-Length: 434

Connection: keep-alive

X-Content-Type-Options: nosniff

X-Frame-Options: DENY

X-XSS-Protection: 1; mode=block

Strict-Transport-Security: max-age=63072000; includeSubDomains

Referrer-Policy: no-referrer

Content-Security-Policy: default-src 'self'

Permissions-Policy: geolocation=(), camera=(), microphone=()

Set-Cookie: cookiesession1=678B28D2C0D04C8F3D1D3EBEA3352FAF;Expires=Mon, 12 Jul 2027 05:29:51 GMT;Path=/;HttpOnly

Scenario 3: HTTP request to our domain's AASA file using verbose (-v) mode.

curl -v https://app.ooredoo.om/.well-known/apple-app-site-association

  • Host app.ooredoo.om:443 was resolved.

  • IPv6: (none)

  • IPv4: 10.125.120.101

  • Trying 10.125.120.101:443...

  • schannel: disabled automatic use of client certificate

  • ALPN: curl offers http/1.1

  • ALPN: server accepted http/1.1

  • Established connection to app.ooredoo.om (10.125.120.101 port 443) from 127.0.0.1 port 59690

  • using HTTP/1.x

GET /.well-known/apple-app-site-association HTTP/1.1

Host: app.ooredoo.om

User-Agent: curl/8.19.0

Accept: /

  • Request completely sent off

< HTTP/1.1 200

< Server: nginx

< Date: Sun, 12 Jul 2026 12:12:46 GMT

< Content-Type: application/json

< Content-Length: 434

< Connection: keep-alive

< X-Content-Type-Options: nosniff

< X-Frame-Options: DENY

< X-XSS-Protection: 1; mode=block

< Strict-Transport-Security: max-age=63072000; includeSubDomains

< Referrer-Policy: no-referrer

< Content-Security-Policy: default-src 'self'

< Permissions-Policy: geolocation=(), camera=(), microphone=()

< Set-Cookie: cookiesession1=678B28D2A6B4CEA0CA982D821C182EC7;Expires=Mon, 12 Jul 2027 12:12:46 GMT;Path=/;HttpOnly

<

{

"applinks": {

"apps": [



],

"details": [

  {

    "appIDs": [

      "ZU837R8FZZ.om.nawras.mynawras",

      "E2T3WF7746.com.cts.selfcare.ooredoo",

      "C4CVJ2YLUC.com.testNawras"

    ],

    "components": [

      {

        "/": "/og/*",

        "exclude": true

      },

      {

        "/": "/*"

      }

    ]

  }

]

}

}* Connection #0 to host app.ooredoo.om:443 left intact

Please review the issue and advise why the Apple CDN is not caching the AASA file despite the above request responses.

Thanks for the reply.

As previously discussed and as outlined in the Tech Note we authored on this subject, it appears that you should review each step carefully. Upon reviewing your actions, it is evident that adding an AASA file to one of your servers automatically will not make Apple CDN from syncing it. However, you still need to have an app with that link and Universal Links enabled, and then run it.

TN3155: Debugging universal links | Apple Developer Documentation

I strongly recommend that you revisit the Tech Note and provide me with the sysdiagnose output that displays the registration on the swcutil file. This output will indicate the exact time when the Universal Link was registered.

Error 404 means no app has requested the AASA file and no registration being triggered.

 curl -v https://app-site-association.cdn-apple.com/a/v1/app.ooredoo.om

Provide me the app and the configuration on the info.plist to show us we have completed that step if you may.

Thanks

Albert  WWDR

Apple CDN returning 404 Not found for our universal Link domain.
 
 
Q