Rotate cname-api-key

konrad.sopala · January 12, 2024, 8:39am

Problem statement

This article explains how to rotate the cname-api-key for an Auth0 custom domain with self-managed certificates.

Solution

It’s not supported to rotate (or re-generate) the cname-api-key directly, but you can get a new cname-api-key (and invalidate the old one) by following these steps:

Delete the current custom domain from your Auth0 tenant.
Create a new custom domain with the same domain name.
Finish verifying the ownership of the custom domain.

After the verification is completed, you will get a new cname-api-keyas well as the Origin Domain Name.
Update your reverse proxy with the new cname-api-key and the new Origin Domain Name.

Please note:

Following the above steps will result in a new set of cname-api-key and Origin Domain Name, and both MUST be updated in the reverse proxy.
There is downtime from step #1 to step #5. The custom domain will be unavailable before the new cname-api-key and new Origin Domain Name are updated in the reverse proxy. Please schedule the steps during off-peak hours or a maintenance window.

Topic		Replies	Views
Change Custom Domain Type from Auth0-Managed Certificate to Self-Managed Certificate Knowledge Articles certificate , custom-domain , auth0-managed	1	371	March 26, 2024
Auth0 Custom Domain Which Values Are Secrets Help branding , custom-domains-flows	2	523	November 28, 2023
Using custom domain with namecheap Help branding , custom-domains-flows	2	111	August 7, 2024
Custom Domains not Working Help branding , custom-domains-flows	2	1224	July 10, 2023
Custom Domain fails to validate Knowledge Articles certificate , custom-domain , proxy	1	2344	November 3, 2022

Rotate cname-api-key

Problem statement

Solution

Related Topics