Find and Change the CNAME Value in DNS Records
Okta Classic Engine
Okta Identity Engine
Custom URL Domains
Overview

A custom domain is configured for the organization. After renaming the Okta subdomain, the CNAME value in the Domain Name System (DNS) records on the domain registrar may require an update because a mismatched CNAME value may cause issues with the Okta-managed custom domain certificate renewal.

Applies To
  • Okta Subdomain
  • CNAME
  • Administration
Cause

When the Okta subdomain is renamed, the CNAME value must be updated in the DNS records. Certificate renewal searches the DNS records at the domain registrar for the new CNAME value, so renewal fails while those records still hold the old value.

Solution

Update the CNAME value in the DNS records whenever the Okta subdomain is renamed. This change ensures the certificate renews successfully.

    Ensure Use of the Correct CNAME Value

    NOTE: okta.domains.read scope is required for these calls.

    1. Get all domains using the call: https://{DomainName}/api/v1/domains.
    2. From the response body, copy the ID of the relevant domain.
    3. Add the domain ID to the call: https://{DomainName}/api/v1/domains/{domainId}.
    4. From the response body, copy the value in the "values" key under the CNAME record type.
    5. Add this CNAME value to the DNS records at the domain registrar in use, so that the CNAME values match.
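Steps 3 to 5 can be scripted so the comparison is repeatable after every subdomain rename. The Python below is an added example, not Okta's code: the `dnsRecords`, `fqdn` and `recordType` field names are assumed from the Okta Domains API response, the sample body and host names are constructed, and `get_domain`, `expected_cnames` and `cname_mismatches` are hypothetical helper names.

```python
import json
import urllib.request

# Constructed sample of a GET /api/v1/domains/{domainId} response body.
# Field names other than "values" are assumed from the Okta Domains API.
SAMPLE_DOMAIN = json.loads("""
{
  "id": "EXAMPLE_DOMAIN_ID",
  "domain": "login.example.com",
  "dnsRecords": [
    {"recordType": "TXT", "fqdn": "_oktaverification.login.example.com",
     "values": ["constructed-verification-token"]},
    {"recordType": "CNAME", "fqdn": "login.example.com",
     "values": ["newname.customdomains.okta.com"]}
  ]
}
""")


def get_domain(okta_host, domain_id, token):
    """Step 3: fetch one domain; token needs the okta.domains.read scope."""
    req = urllib.request.Request(
        f"https://{okta_host}/api/v1/domains/{domain_id}",
        headers={"Authorization": f"Bearer {token}", "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def _norm(name):
    # DNS names are case-insensitive; resolvers often append a trailing dot.
    return name.strip().rstrip(".").lower()


def expected_cnames(domain):
    """Step 4: map each CNAME record's fqdn to the values Okta expects."""
    return {
        _norm(r["fqdn"]): {_norm(v) for v in r.get("values", [])}
        for r in domain.get("dnsRecords", [])
        if r.get("recordType", "").upper() == "CNAME"
    }


def cname_mismatches(domain, published):
    """Step 5: compare against `published` (fqdn -> CNAME target seen in DNS,
    e.g. from `dig +short CNAME <fqdn>`). Returns {fqdn: (expected, actual)}."""
    seen = {_norm(k): _norm(v) for k, v in published.items() if v}
    return {
        fqdn: (sorted(want), seen.get(fqdn))
        for fqdn, want in expected_cnames(domain).items()
        if seen.get(fqdn) not in want
    }
```

An empty result from `cname_mismatches` means the published record matches what Okta expects; a missing record is reported with `None` as the actual value.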

    Custom domains

     

    NOTE: If the CNAME has not been changed after the subdomain name change and the certificate has expired, then this update of CNAME in the DNS records will not renew the expired Okta-issued custom domain certificate. The custom domain must be deleted in Okta and added again.

     
