User17328845499305318667 (Customer) asked a question.
Validating custom domain that is using CNAMEs
Hi.
I'm trying to add a custom domain. I've created both records the UI requests but I still get this error:
The certificate could not be provisioned. Double check that your DNS entries are correct, or wait a few minutes for propagation.
When I look up the record dnschecker.org it gives the correct result. The domain does use a CNAME to point to another DNS that points to trackunit-portal-dev.customdomains.okta.com. Which seems to break the validation:
oktatest.tandrup.org. 300 IN CNAME oktatest.maetzke-tandrup.dk.
oktatest.maetzke-tandrup.dk. 300 IN CNAME trackunit-portal-dev.customdomains.okta.com.
Is there any way to avoid this?
Best regards,
Mads
Hello @User17328845499305318667 (Customer) , thank you for contacting Okta Community.
I've brought your question to the attention of some of our colleagues. The issue seems to be proxy-related. During initial setup, the CNAME record must point directly to the customdomains.okta.com
value, and the CNAME must NOT be proxied. Otherwise, the domain ownership validation will fail.
Regards.
--
Ask Us Anything about Okta FastPass - now thru December 11th