diff --git a/idhub/mixins.py b/idhub/mixins.py
index 6e793a8..b43f6e8 100644
--- a/idhub/mixins.py
+++ b/idhub/mixins.py
@@ -4,6 +4,7 @@ from django.core.exceptions import PermissionDenied
 from django.urls import reverse_lazy, resolve
 from django.shortcuts import redirect
 from django.core.cache import cache
+from django.conf import settings
 
 
 class Http403(PermissionDenied):
@@ -32,6 +33,10 @@ class UserView(LoginRequiredMixin):
     ]
 
     def get(self, request, *args, **kwargs):
+        err_txt = "User domain is {} which does not match server domain {}".format(
+            request.get_host(), settings.DOMAIN
+        )
+        assert request.get_host() == settings.DOMAIN, err_txt
         self.admin_validated = cache.get("KEY_DIDS")
         response = super().get(request, *args, **kwargs)
 
@@ -50,6 +55,10 @@ class UserView(LoginRequiredMixin):
         return url or response
         
     def post(self, request, *args, **kwargs):
+        err_txt = "User domain is {} which does not match server domain {}".format(
+            request.get_host(), settings.DOMAIN
+        )
+        assert request.get_host() == settings.DOMAIN, err_txt
         self.admin_validated = cache.get("KEY_DIDS")
         response = super().post(request, *args, **kwargs)
         url = self.check_gdpr()
diff --git a/idhub/models.py b/idhub/models.py
index f1eea85..cc77874 100644
--- a/idhub/models.py
+++ b/idhub/models.py
@@ -475,7 +475,7 @@ class DID(models.Model):
         if self.type == self.Types.KEY:
             self.did = keydid_from_controller_key(new_key_material)
         elif self.type == self.Types.WEB:
-            didurl, document = webdid_from_controller_key(new_key_material)
+            didurl, document = webdid_from_controller_key(new_key_material, settings.DOMAIN)
             self.did = didurl
             self.didweb_document = document
 
diff --git a/trustchain_idhub/settings.py b/trustchain_idhub/settings.py
index 15b9986..090be76 100644
--- a/trustchain_idhub/settings.py
+++ b/trustchain_idhub/settings.py
@@ -35,7 +35,8 @@ DEBUG = config('DEBUG', default=False, cast=bool)
 ALLOWED_HOSTS = config('ALLOWED_HOSTS', default='', cast=Csv())
 CSRF_TRUSTED_ORIGINS = config('CSRF_TRUSTED_ORIGINS', default='', cast=Csv())
 
-DOMAIN = config("DOMAIN", "http://localhost")
+DOMAIN = config("DOMAIN")
+assert DOMAIN not in [None, ''], "DOMAIN var is MANDATORY"
 
 DEFAULT_FROM_EMAIL = config(
     'DEFAULT_FROM_EMAIL', default='webmaster@localhost')
diff --git a/utils/idhub_ssikit/__init__.py b/utils/idhub_ssikit/__init__.py
index d97848b..562ef25 100644
--- a/utils/idhub_ssikit/__init__.py
+++ b/utils/idhub_ssikit/__init__.py
@@ -30,7 +30,7 @@ def resolve_did(keydid):
     return asyncio.run(inner())
 
 
-def webdid_from_controller_key(key):
+def webdid_from_controller_key(key, domain):
     """
     Se siguen los pasos para generar un webdid a partir de un keydid.
     Documentado en la docu de spruceid.
@@ -38,7 +38,7 @@ def webdid_from_controller_key(key):
     keydid = keydid_from_controller_key(key)  # "did:key:<...>"
     pubkeyid = keydid.rsplit(":")[-1]  # <...>
     document = json.loads(resolve_did(keydid))  # Documento DID en terminos "key"
-    domain = urllib.parse.urlencode({"domain": settings.DOMAIN})[7:]
+    # domain = urllib.parse.urlencode({"domain": settings.DOMAIN})[7:]
     webdid_url = f"did:web:{domain}:did-registry:{pubkeyid}"  # nueva URL: "did:web:idhub.pangea.org:<...>"
     webdid_url_owner = webdid_url + "#owner"
     # Reemplazamos los campos del documento DID necesarios: