Here is the situation that I am facing:
I am trying to verify a custom domain that I am trying to run under Auth0. I used Okta for 6 years and it was explained to me that I need to make a switch. Here is the problem:
My application runs in AWS as an EC2 instance.
In Rt53 I do have an A record that points login.mydomain.com to the EC2 instance IP. I have my manually generated certs and httpd config properly set up, since it has been working for the past 6 years.
Here is the problem: I can’t have a CNAME record that is also login.mydomain.com. That is not how DNS entries work. For the past 6 years, my CNAME has been *.mydomain.com and domain validation would work. That does not seem to be working anymore.
Therefore, what is the solution to accomplish having a custom domain that is validated and functional?
Hi @vladimir2
Welcome to the Auth0 community!
Unfortunately, wildcard domains cannot be used for custom domains.
My suggestions for your current setup would be to set up Cloudflare where all your subdomains point to a single domain which you can use as a CNAME. Otherwise, you can also try setting up a single CNAME for your custom domain and then add all other subdomains inside the Allowed Callback URLs list of your application.
If you have any other questions, let me know!
Kind Regards,
Nik
This was not an issue of requesting a wild-carded domain, but of having a wild-card entry as the key for the CNAME record. This worked for almost 6 years utilizing Okta, and it stopped working a week ago. This is purely an issue of how the parsing code works, since I was able to see DNS record propagation. However, it is a moot point to argue this, and the solution is as follows:
- One domain with its own secure certificate for authentication.
- Another domain for the actual application. In my case, the app running on the EC2 instance with a static IP and its own secure certificate.
- Configure your authenticator to have a login callback to your app.
I do not doubt that there is some wild-carding in the certificate that can be done, but I am a bit apprehensive about that approach, since my bad feeling is that it may eventually blow up and you are stuck with a non-functional app.
This is my solution and it works.
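The two DNS rules underneath this thread, as an added example (not code from the original post, and not Auth0 or Okta behaviour): per RFC 1034 a CNAME cannot share an owner name with any other record, and per RFC 4592 a wildcard such as *.mydomain.com never synthesises an answer for a name that already exists in the zone, so once login.mydomain.com holds an A record a CNAME query for it returns NODATA rather than the wildcard's target. The toy zone below models both rules and compares the original single-name layout with the split layout the poster adopted. The verifier function, the provider target tenant-cname.auth-edge.example.net and the IP 203.0.113.10 are assumptions for illustration, not Auth0's actual verification logic.

```python
# Added example, not code from the original thread or from Auth0/Okta.
# Toy zone model of two DNS rules:
#   - a CNAME cannot share an owner name with any other record, including a
#     second CNAME (RFC 1034 section 3.6.2)
#   - a wildcard never synthesises an answer for a name that already exists
#     in the zone, whatever record types that name holds (RFC 4592)
# Hostnames, the IP and the provider target are constructed for illustration.
from typing import Dict, Set, Tuple

PROVIDER_TARGET = "tenant-cname.auth-edge.example.net"  # hypothetical CNAME target
APP_IP = "203.0.113.10"  # hypothetical EC2 elastic IP (RFC 5737 documentation range)


class ZoneError(Exception):
    """Raised when a record would violate CNAME exclusivity."""


class Zone:
    def __init__(self, origin: str) -> None:
        self.origin = origin.rstrip(".").lower()
        # owner name -> {rrtype -> set of rdata}
        self.records: Dict[str, Dict[str, Set[str]]] = {}

    def _fqdn(self, name: str) -> str:
        name = name.rstrip(".").lower()
        if name == self.origin or name.endswith("." + self.origin):
            return name
        return f"{name}.{self.origin}"

    def add(self, name: str, rrtype: str, rdata: str) -> None:
        fq = self._fqdn(name)
        existing = self.records.get(fq, {})
        if rrtype == "CNAME" and existing:
            raise ZoneError(f"{fq}: CNAME cannot coexist with {sorted(existing)}")
        if rrtype != "CNAME" and "CNAME" in existing:
            raise ZoneError(f"{fq}: {rrtype} cannot be added beside a CNAME")
        self.records.setdefault(fq, {}).setdefault(rrtype, set()).add(rdata)

    def lookup(self, name: str, rrtype: str) -> Tuple[str, Set[str], bool]:
        """Return (status, rdata, synthesised); status is OK, NODATA or NXDOMAIN
        and synthesised is True when the answer came from a wildcard."""
        fq = self._fqdn(name)
        node = self.records.get(fq)
        if node is not None:
            # The name exists, so the wildcard is never consulted: asking for a
            # type the node does not hold yields NODATA, not the wildcard's data.
            if rrtype in node:
                return "OK", set(node[rrtype]), False
            return "NODATA", set(), False
        # Toy closest-encloser logic: only a wildcard in the immediate parent.
        parent = fq.split(".", 1)[1]
        wild = self.records.get(f"*.{parent}")
        if wild is not None:
            if rrtype in wild:
                return "OK", set(wild[rrtype]), True
            return "NODATA", set(), True
        return "NXDOMAIN", set(), False


def custom_domain_verifies(zone: Zone, name: str, target: str) -> bool:
    """Hypothetical verifier modelled on the thread: a CNAME must be present at
    the exact name and point at the provider target; wildcard answers are not
    accepted. This is an assumption, not Auth0's real check."""
    status, rdata, synthesised = zone.lookup(name, "CNAME")
    return status == "OK" and target in rdata and not synthesised


def cname_rejected(zone: Zone, name: str, target: str) -> bool:
    """True if adding a CNAME at `name` is refused because data already exists there."""
    try:
        zone.add(name, "CNAME", target)
    except ZoneError:
        return True
    return False


def old_setup() -> Zone:
    """Original layout: login.mydomain.com is an A record to the EC2 host and
    *.mydomain.com is a wildcard CNAME to the identity provider."""
    z = Zone("mydomain.com")
    z.add("login", "A", APP_IP)
    z.add("*", "CNAME", PROVIDER_TARGET)
    return z


def split_setup() -> Zone:
    """The poster's working layout: one name carries the exact CNAME the provider
    verifies, a different name carries the application's A record."""
    z = Zone("mydomain.com")
    z.add("auth", "CNAME", PROVIDER_TARGET)
    z.add("app", "A", APP_IP)
    return z


if __name__ == "__main__":
    old = old_setup()
    print("old: CNAME at login ->", old.lookup("login", "CNAME"))
    print("old: login verifies?", custom_domain_verifies(old, "login", PROVIDER_TARGET))
    print("old: CNAME at login rejected?", cname_rejected(old, "login", PROVIDER_TARGET))
    new = split_setup()
    print("split: auth verifies?", custom_domain_verifies(new, "auth", PROVIDER_TARGET))
    print("split: app A ->", new.lookup("app", "A"))
```

Running the file prints the lookups for both layouts. The point to take from it is that the exact-name CNAME a provider checks must live at an owner name that carries no other record, which is why moving the application to its own hostname and giving the authentication hostname nothing but the CNAME resolves the conflict; a wildcard cannot paper over it because the existing A record at login.mydomain.com blocks wildcard synthesis for that name.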
Hi again.
Thank you for providing the solution regarding the issue that you are experiencing. This will surely be useful for other people as well.
I understand that this might be inconvenient, however, as you have stated, wild-carding can be performed in the certificate and your DNS configuration, but the custom domain feature within Auth0 is not able to accept a wild-card entry for the CNAME record when verifying it.
I am sorry about the trouble this has caused you. If I am able to help with further information or clarification on the matter, let me know!
Kind Regards,
Nik