This article explains how to rotate the
cname-api-key for an Auth0 custom domain with self-managed certificates.
It’s not supported to rotate (or re-generate) the
cname-api-key directly, but you can get a new
cname-api-key (and invalidate the old one) by following these steps:
- Delete the current custom domain from your Auth0 tenant.
- Create a new custom domain with the same domain name.
- Finish verifying the ownership of the custom domain.
- After the verification is completed, you will get a new
cname-api-keyas well as the Origin Domain Name.
- Update your reverse proxy with the new
cname-api-keyand the new Origin Domain Name.
- Following the above steps will result in a new set of
cname-api-keyand Origin Domain Name, and both MUST be updated in the reverse proxy.
- There is downtime from step #1 to step #5. The custom domain will be unavailable before the new
cname-api-keyand new Origin Domain Name are updated in the reverse proxy. Please schedule the steps during off-peak hours or a maintenance window.