Auth0 Custom Domain with reverse proxy not working

Problem statement

We are currently configuring a custom domain for all our Auth0 tenants with a custom domain using a “self-managed certificate” with a reverse proxy.
We cannot make it work by following the steps in the doc below:

We have set up the TXT record inside the DNS. We could verify the domain to get the “Origin Domain Name” and “cname-api-key”.

The issue comes after configuring the source IP / CNAME using the “Origin Domain Name” and the alternative CNAME with the custom domain.

The below error occurs when clicking on the “Try button”.
“Error! Looks like your domain is not configured correctly. Please check your reverse proxy configuration.”

And we received the below 403 Forbidden Cloudflare page when trying to reach the Custom URL.

Solution

The 403 error can occur when your reverse proxy does not send the Origin hostname you were assigned when setting up your custom domain as the Host header.

Please check the host header settings on your proxy:

Make sure to replace <CUSTOM_DOMAIN_ID> with the custom domain ID from the Origin Domain Name you received from Auth0:

US: {yourTenant}.<CUSTOM_DOMAIN_ID>.edge.tenants.us.auth0.com
EU: {yourTenant}.<CUSTOM_DOMAIN_ID>.edge.tenants.eu.auth0.com
AU: {yourTenant}.<CUSTOM_DOMAIN_ID>.edge.tenants.au.auth0.com
JP: {yourTenant}.<CUSTOM_DOMAIN_ID>.edge.tenants.jp.auth0.com

NOTE: At least for Cloudflare (Reverse Proxy), setting the “Host header override” with the above format doesn’t work. You need to use the CNAME value instead.

For example, if your custom domain id was “cd_TXIdNgQ07HrAFVmz” and it was for a US tenant, then the Origin hostname would be:
US: yourTenantName-cd-txIdngq07hrafvmz.edge.tenants.us.auth0.com
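The Host header check described in the Solution, shown for a self-hosted NGINX reverse proxy. This is an added example, not configuration from Auth0 or from the original article; NGINX itself, `login.example.com`, the certificate paths, `ORIGIN_DOMAIN_NAME` and `CNAME_API_KEY` are assumed placeholders for your own custom domain and for the “Origin Domain Name” and “cname-api-key” values obtained after domain verification.

```nginx
# Added example (assumption: NGINX is the reverse proxy; all names are placeholders).
server {
    listen 443 ssl;
    server_name login.example.com;            # your custom domain (placeholder)

    # Self-managed certificate for the custom domain (placeholder paths).
    ssl_certificate     /etc/nginx/tls/login.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/login.example.com.key;

    location / {
        # Upstream is the "Origin Domain Name" assigned by Auth0.
        proxy_pass https://ORIGIN_DOMAIN_NAME;

        # Misconfiguration described in the Solution: passing the client's Host
        # (the custom domain) through to the origin. Do NOT use this line:
        #   proxy_set_header Host $host;

        # Correct: the Host header carries the Origin hostname.
        proxy_set_header Host ORIGIN_DOMAIN_NAME;

        # Send the same name in TLS SNI and verify the origin certificate against it.
        proxy_ssl_server_name on;
        proxy_ssl_name        ORIGIN_DOMAIN_NAME;

        # "cname-api-key" value received after verifying the domain.
        # Treat it as a secret: keep it out of version control and shared logs.
        proxy_set_header cname-api-key "CNAME_API_KEY";
    }
}
```

After changing the file, `nginx -t` validates the syntax before reloading.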