Auth0 Custom Domain Verification Failure When Using Cloudflare as a Proxy
Auth0 custom domain verification fails when Cloudflare proxies the hostname, which prevents Auth0 from detecting the TXT record. To resolve this, disable the Cloudflare proxy for the domain records during the validation process.
The following error message appears in the Auth0 dashboard even when the TXT record matches the required configuration:
Error! Your verification record was not found. You might need to wait a few minutes before we can discover it.
- Auth0
- Custom Domains
- Cloudflare
The error occurs because Cloudflare currently proxies the hostname. When administrators configure a domain with a proxied Domain Name System (DNS) record in Cloudflare, the Cloudflare proxy prevents the use of a TXT record for domain validation. Auth0 cannot validate the custom hostname unless the DNS target points to the Software as a Service (SaaS) zone or administrators temporarily disable the proxy.
What configuration changes resolve the custom domain verification error in Cloudflare?
Disable the proxy settings in Cloudflare, allow Auth0 to verify the TXT record, and re-enable the proxy after verification by following these steps:
- Log in to the Cloudflare dashboard and navigate to the DNS settings for the domain.
- Locate the "A" or Canonical Name (CNAME) records associated with the custom domain.
- NOTE: If a wildcard record covers the subdomains, create an explicit, non-proxied CNAME record for the specific custom domain to bypass the wildcard proxy.
- Disable the proxy for the records by setting them to DNS only.
- Return to the Auth0 Dashboard and wait for Auth0 to detect the TXT verification record.
- Obtain the Origin Domain Name that Auth0 provides in the dashboard after successful verification.
- Update the CNAME record to point to the Origin Domain Name and re-enable the Cloudflare proxy.
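One way to confirm, before returning to the Auth0 Dashboard, that the record is really DNS only and the TXT record is publicly discoverable. This is an added example, not Auth0 or Cloudflare code. The function names, hostnames, addresses, token and the `_verify` TXT name are constructed placeholders; use the record name and value shown in the Auth0 dashboard.

```shell
#!/bin/sh
# Added example: offline checks over `dig +noall +answer` output.
# Every hostname, address and token below is a constructed placeholder.

# exposes_target HOST TARGET < answer
# Succeeds when the public answer for HOST shows the configured target (CNAME
# name or origin IP). A proxied record answers with Cloudflare edge addresses
# instead, so the configured target never appears.
exposes_target() {
  awk -v host="$1" -v target="$2" '
    function norm(s) { s = tolower(s); sub(/\.$/, "", s); return s }
    norm($1) == norm(host) && $4 ~ /^(A|AAAA|CNAME)$/ && norm($5) == norm(target) { ok = 1 }
    END { exit(ok ? 0 : 1) }'
}

# txt_visible NAME VALUE < answer
# Succeeds when a TXT record for NAME carries exactly VALUE.
txt_visible() {
  awk -v name="$1" -v want="$2" '
    function norm(s) { s = tolower(s); sub(/\.$/, "", s); return s }
    norm($1) == norm(name) && $4 == "TXT" {
      v = $0; sub(/^[^"]*"/, "", v); sub(/"[^"]*$/, "", v)
      gsub(/" "/, "", v)            # join multi-string TXT data
      if (v == want) ok = 1
    }
    END { exit(ok ? 0 : 1) }'
}

# ready_to_verify HOST TARGET TXT_NAME TXT_VALUE HOST_ANSWER TXT_ANSWER
ready_to_verify() {
  printf '%s\n' "$5" | exposes_target "$1" "$2" ||
    { echo "not ready: $1 does not expose $2 (record may still be proxied)"; return 1; }
  printf '%s\n' "$6" | txt_visible "$3" "$4" ||
    { echo "not ready: TXT $3 not visible with the expected value"; return 1; }
  echo "ready"
}

# Constructed answers; live use: dig +noall +answer "$HOST" and dig +noall +answer TXT "$TXT_NAME"
DNS_ONLY='login.example.com. 300 IN CNAME origin.example.net.
origin.example.net. 300 IN A 198.51.100.7'
PROXIED='login.example.com. 300 IN A 203.0.113.10
login.example.com. 300 IN A 203.0.113.11'
TXT='_verify.login.example.com. 300 IN TXT "constructed-token-123"'

ready_to_verify login.example.com origin.example.net _verify.login.example.com constructed-token-123 "$DNS_ONLY" "$TXT"
ready_to_verify login.example.com origin.example.net _verify.login.example.com constructed-token-123 "$PROXIED" "$TXT" || true
```

Run the same check again after re-enabling the proxy: at that point the "does not expose" result is the expected one, because the edge addresses have replaced the configured target in public answers.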