Albertd.38306 (Customer) asked a question.
Brand custom domain redirecting to ".okta.com"
In the Okta Admin Console, under Customizations / Brands, we have some brands set up. For each of the brands we have a custom domain on our own domain.
The certificates had expired, and due to a setup issue with CloudFlare on our DNS the certificates did not renew. We fixed the CloudFlare DNS issue (the CNAMES were proxied), and now all the custom domains are in "pending" status. If I try to visit one of the domains it redirects to ".okta.com".
This is a trial we're running: trial-9326820
I am not sure how else to request support.
Network trace in browser:
I tried recreating all the custom domains, but all of them are now broken and redirecting to ".okta.com". This is really hampering our integration effort.
Hello @Albertd.38306 (Customer) , thank you for contacting Okta Community.
You can try removing all custom domains from Okta, then removing all DNS settings that send to Okta, as well as any type of certificates with Okta. Try to manage your own certificate, as your integration is behind a proxy (CloudFlare). The auto-renewal would fail every time.
Wait for a few days, then try to re-implement.
Otherwise, I recommend that you open a Support ticket (Customer Support Account ID number required) so one of our engineers can analyze it and provide in-depth troubleshooting.
Please note that opening a support ticket is a feature available only to paid accounts. If you do not have a paid account, but are interested in upgrading, you can contact our Sales team.
Regards.
--
Help others in the community by liking or hitting Select as Best if this response helped you.
Hi Diana - CloudFlare is only hosting our DNS, and is *not* a proxy for Okta. This worked before and has stopped working.
Hello @Albertd.38306 (Customer) , in this situation, I recommend that you open a Support ticket (Customer Support Account ID number required) so one of our engineers can analyze it and provide in-depth troubleshooting. You could also provide more details in a ticket that shouldn’t be given here, as this is a public space.
Please note that opening a support ticket is a feature available only to paid accounts. If you do not have a paid account, but are interested in upgrading, you can contact our Sales team.
Regards.
--
Help others in the community by liking or hitting Select as Best if this response helped you.
@DianaL.19788 (Customer Support Online Community and Social Care) What is the intent of your "integrator plan", if integrators cannot easily get support?
I emailed support@okta.com, sales@okta.com and developers@okta.com on 26 November. I received a reply to say that "Your support request 02719601 has been received by the Okta Developer Support team". I have heard nothing since, nor has anyone responded to my follow-up emails. I don't quite know how else to get support.
I see someone else is having the exact same issue as us: https://support.okta.com/help/s/question/0D5WR000011J8fO0AS/custom-domain-randomly-stuck-in-pending-state?language=en_US
Similar to the other issue I have now checked, and our integrator plan is no longer an integrator plan either. I too can add more than ten users.
Maybe you did this when you recreated your domains, but try re-applying the certificates again.
I deleted two of the problematic domains (okta-dev, okta-qa) on Saturday, and only created them again today. The redirect is still broken on Okta's side so I have no idea of how to fix this.
I am not sure how an integrator is intended to try and use Okta if there is zero support.
Have you opened a support ticket with Okta? Okta Support is really good about helping with these edge cases.
This site is a community site where others can provide suggestions based on their experience. Since this is such an odd issue, it's likely that many of the community has not run into this issue before, but we have provided troubleshooting suggestions based on what we would try if we ran into the issue. If it was my issue, at this point I would open an Okta Support ticket.
The other things I would try is to use a new domain, or apply for a new Okta trial org, but I don't know what your use case is nor if that is feasible.