We are switching email service providers. We didn’t have issues before but we are running into an issue now.
Currently we are set up with a wildcard universal cert. At first the support for our ESP said we would need to get a separate certificate for the subdomain, e.g. mail[dot]domain[dot]com.
But then after asking further questions they said we should be able to use the wildcard cert, but they need the “1. Certificate, 2. Private key, 3. Chain”. But it doesn’t seem like we can do this with our origin certificate; this seems like something we would need to turn on Advanced Certificate Manager and maybe order a custom certificate for. Am I right?
I think the problem is CF doesn’t proxy email traffic*, so an SSL certificate through CF isn’t an option. You’ll need a cert for your origin email server.
Their requirements will necessitate procurement of an SSL from an actual CA. I would highly recommend DigiCert … I have used them for over a decade when I needed a certificate. Could you use Let’s Encrypt for less? Probably… but I would go with the industry leader if the vendor doesn’t have a specific recommendation.