The solution to serve the cert provided by @devloader works to successfully serve the cert, as that is the same path I went down. However, it seems that using URLRewriter only works for Visualforce sites. At least this is what support has indicated. Thus, if you have Commerce Cloud/Experience Cloud, the instructions for "sites" for URLRewriter do not apply, and requests to your commerce store domain will not be handled properly. There is a built-in component for Apple Pay in B2B/D2C sites, but it requires using Salesforce Payments, and setting up the cert is "behind the scenes." It is still unclear how we can host the certificate using Salesforce Commerce. Can someone suggest an alternative to satisfy the "seemingly fixed" Apple Pay URL at /.well-known/apple-developer-merchantid-domain-association.txt?
SALESFORCE SUPPORT RESPONSE:
The reason it isn’t working in your case is because the URL rewriter only applies to Visualforce sites.
In your implementation, the Experience Cloud site actually consists of two sites:
Lightning / LWR site URL: https://mysite.com/
Visualforce site URL: https://mysite.com/vforcesite/
When you try to access the URL at:
https://mysite.com/.well-known/apple-developer-merchantid-domain-association
…it is hitting the LWR site, not the Visualforce site. Since the URL rewriter only applies to the Visualforce site, it does not take effect in this case.
The correct URL (with the Apex URL rewriter configured) would be:
https://mysite.com/vforcesite/.well-known/apple-developer-merchantid-domain-association
In short:
If you want to use the URL rewriter, the request needs to go through the Visualforce site.
If the file must be served from the root path (/.well-known/...), then the Visualforce site would need to be hosted at /, and the LWR site would require a path prefix.