diff --git a/.env.example b/.env.example
index fdaa2cf..afc9980 100644
--- a/.env.example
+++ b/.env.example
@@ -13,9 +13,10 @@ JWT_SECRET=
 ALTCHA_HMAC_KEY=
 
 # WebAuthn / Passkey (set these to your actual domain)
-# If your domain has non-ASCII characters (umlauts, accents, etc.):
-#   RP_ID uses the unicode version: feedback.example.de
-#   ORIGIN uses the punycode version: https://xn--feedbck-example.de
+# If your domain has non-ASCII characters (umlauts, accents, etc.),
+# use the punycode version for BOTH RP_ID and ORIGIN:
+#   WEBAUTHN_RP_ID=xn--splung-4ya.ich-stuhle.de
+#   WEBAUTHN_ORIGIN=https://xn--splung-4ya.ich-stuhle.de
 # You can find the punycode version by opening the domain in a browser and copying from the address bar.
 WEBAUTHN_RP_NAME=Echoboard
 WEBAUTHN_RP_ID=example.com
diff --git a/packages/api/src/routes/admin/team.ts b/packages/api/src/routes/admin/team.ts
index 2ceaca6..9d30fb9 100644
--- a/packages/api/src/routes/admin/team.ts
+++ b/packages/api/src/routes/admin/team.ts
@@ -103,9 +103,7 @@ export default async function adminTeamRoutes(app: FastifyInstance) {
         },
       });
 
-      const protocol = config.WEBAUTHN_ORIGIN.startsWith("https") ? "https" : "http";
-      const prettyHost = config.WEBAUTHN_RP_ID || new URL(config.WEBAUTHN_ORIGIN).hostname;
-      const inviteUrl = `${protocol}://${prettyHost}/admin/join/${token}`;
+      const inviteUrl = `${config.WEBAUTHN_ORIGIN}/admin/join/${token}`;
       reply.status(201).send({ inviteUrl, token, recoveryPhrase, expiresAt });
     }
   );