Change Custom Domain Type from Auth0-Managed Certificate to Self-Managed Certificate

Problem statement

This article describes how to change the Auth0 custom domain type from an auth0-managed certificate to a self-managed certificate.


It is not supported to change the custom domain type directly, but the current custom domain can be removed and create it with the new type by following these steps:

  1. Delete the current custom domain from the Auth0 tenant.
  2. Create a new custom domain with the same domain name and the new type (self-managed).
  3. Finish verifying the ownership of the custom domain.
  4. After the verification is completed, get the cname-api-key and the Origin Domain Name.
  5. Configure the reverse proxy with the cname-api-key and the Origin Domain Name. Find instructions for some of the common reverse proxy providers (e.g., Cloudflare, Akamai, AWS CloudFront etc) in this document.

NOTE: There is downtime from step #1 to step #5. The custom domain will be unavailable before the reverse proxy is configured properly. Please schedule the steps during off-peak hours or a maintenance window.