Documentation

Custom Domains

Bring any domain you own and OrbitKit will host your iOS app's privacy policy, AASA file, and support pages on it at no extra cost. SSL provisioned automatically.

OrbitKit lets you serve your app’s hosted pages from a domain you already own — for example, privacy.yourapp.com — at no extra cost. SSL is provisioned automatically. (You don’t get a domain from OrbitKit; you bring one you already own or register elsewhere.) In addition to your own domain, your pages always remain available at sites.orbitkit.io/your-slug.

Both URLs work simultaneously. Adding a custom domain does not disable your slug-based URL. Existing links to sites.orbitkit.io/your-slug will continue to work — nothing breaks.

Custom domains are required for Universal Links, App Clips, and Passkeys — these features only work on domains you own.

Setup steps

  1. In the Dashboard, go to Custom Domain and enter your domain (e.g., privacy.myapp.com).
  2. OrbitKit will show you DNS records to add. For subdomains, add a CNAME record pointing to orbitkit.io. For apex domains, add A records.
  3. After adding the DNS records, click Check Status to verify propagation.
  4. SSL is automatically provisioned once DNS is verified.

Provisioning steps

After saving a custom domain, the dashboard shows three sequential steps:

  1. DNS records detected — both records resolve at your DNS provider. Usually <1 min after you add them, sometimes a few minutes.
  2. Domain ownership verified — we verify your DNS records against the certificate authority. 5–30 min depending on the CA’s polling cadence.
  3. SSL certificate issued & deployed — your cert is issued and propagates to our edge servers. Another 5–30 min after step 2 completes.

While provisioning is in progress, your Live URL stays on sites.orbitkit.io/your-slug — the URL only flips to your custom domain when the cert is fully serving end-to-end. This means anything you paste into App Store Connect during the wait will keep working.

Each step’s indicator color tells you what’s happening:

  • green check — done
  • amber clock — in progress, no action needed
  • red error — your DNS records don’t match what we expect; fix them
  • gray dashed — earlier step hasn’t completed yet

DNS provider examples

Cloudflare

  1. Go to your domain’s DNS settings.
  2. Add a CNAME record: Name = privacy, Target = orbitkit.io.
  3. Set the proxy status to DNS only (gray cloud). Cloudflare’s proxy is not needed since OrbitKit provides SSL and CDN.

Namecheap

  1. Go to Advanced DNS for your domain.
  2. Add a CNAME record: Host = privacy, Value = orbitkit.io., TTL = Automatic.

GoDaddy

  1. Go to DNS Management for your domain.
  2. Add a CNAME record: Name = privacy, Value = orbitkit.io, TTL = 1 Hour.

Removing a custom domain

In the Dashboard, click Remove Domain in the Custom Domain section. This immediately removes the domain mapping. Your slug-based URL continues to work.

After removing, you should also delete the DNS records from your DNS provider.

Troubleshooting

DNS not propagating

DNS changes can take up to 48 hours to propagate, but typically complete within a few minutes. You can check propagation status using tools like dnschecker.org.

SSL certificate not provisioning

SSL provisioning starts automatically once DNS is verified. It typically takes 1–5 minutes. If it takes longer:

  • Verify your DNS records are correct and fully propagated.
  • Make sure you don’t have conflicting DNS records (e.g., an existing A record for the same subdomain).
  • If using Cloudflare, ensure the proxy is disabled (gray cloud) for this record.

“Domain in use” error

Each domain can only be mapped to one OrbitKit app. If you see this error, the domain is already mapped to another app. Remove it from the other app first.

Subdomains are separate

Apple treats myapp.com and www.myapp.com as distinct domains for AASA purposes — each needs its own custom domain entry in OrbitKit, and each needs to be listed separately in your Xcode Associated Domains capability (applinks:myapp.com and applinks:www.myapp.com). If you only want one canonical version, redirect the other at your DNS provider (most registrars support apex → www redirects natively).

DNS propagation DNS changes can take up to 48 hours to propagate, but typically complete within a few minutes. You can check the status from your Dashboard at any time.