It can take up to 48 hours for the DNS to be propagated.
If you continue to see this error in the Dashboard, ensure that the CNAME record is properly configured in your domain management service. You can confirm the configuration of your CNAME record using:
A tool like Mxtoolbox or Google
The dig command in your terminal
dig
Ensure that the domain name is not already associated with an A record.
Ensure that no errors were made when typing or copying the CNAME record's domain name or value.
Auth0 recommends turning off CNAME flattening unless it's strictly necessary, according to the Cloudflare documentation. CNAME flattening for Auth0 managed certificates is an unsupported configuration and as such may cause the custom domain to break without notice if CNAME flattening is enabled.
CNAME flattening affects the Auth0 verification and certificate renewal processes due to the way it handles DNS records. Enabling CNAME flattening in Cloudfare after setting up a custom domain does not prevent certificate renewal.
If you need to enable CNAME flattening for all sub-domains managed by Cloudfare and still configure a specific subdomain to be an Auth0 custom domain, consider delegating the subdomain for Auth0 to another DNS provider. See Cloudflare documentation for details. This will enable you to use CNAME flattening for all subdomains except the one used for Auth0.
If you see this error when configuring a custom domain, you must perform additional configuration, which varies depending on your setup.
If your application issues an /authorize request with audience=https://login.northwind.com/userinfo, the server will return a Service not found: https://login.northwind.com/userinfo error. This is because even if you set a custom domain the API identifier for the /userinfo endpoint remains https://{YOUR_ORIGINAL_AUTH0_DOMAIN}/userinfo.
/authorize
audience=https://login.northwind.com/userinfo
Service not found: https://login.northwind.com/userinfo
/userinfo
https://{YOUR_ORIGINAL_AUTH0_DOMAIN}/userinfo
Similarly, using your custom domain in calls to the Management API will error for the same reason.
To fix this your app should instead use audience=https://{YOUR_ORIGINAL_AUTH0_DOMAIN}/userinfo. You can also remove this audience=[...]/userinfo parameter altogether if your application is flagged as OIDC-Conformant in the OAuth2 tab of the application's Advanced Settings.
audience=https://{YOUR_ORIGINAL_AUTH0_DOMAIN}/userinfo
audience=[...]/userinfo
If you are using Internet Explorer, you may see any of the following error messages:
"No verifier returned from client"
"Origin header required"
"Failed cross origin authentication"
When both the Auth0 domain and the app domain are in the same trusted or local intranet zone, Internet Explorer does not treat the request as a cross-domain request and therefore does not send the cross-origins header.
If you see any of these errors and you are using Embedded Login, you can move one of the sites out of the trusted or local intranet zone. To do this:
Go to Internet Options > Security.
Select the Local Intranet Zone tab and go to Sites > Advanced. Add your domain.
Return to the Security tab, and make sure the proper zone has been selected.
Click Custom Level and look for Access data sources across domains under the Miscellaneous section. Check the radio button next to Enable.
Alternatively, you can remove reliance on cross-origin authentication by implementing Universal Login.