CNAME record to point to

We are sending bulk emails using Sendgrid and using sendgrid tracking for the email statistics, for this we are using Link Branding feature of sendgrid.
As per instructions from sendgrid, we created one CNAME record inside Cloudflare DNS with subdomain like ‘’. This subdomain url is working fine with ‘http’ protocol but it’s not working with ‘https’ protocol (error: Your connection is not private: NET::ERR_CERT_COMMON_NAME_INVALID).

To solve this sendgrid suggested to use CNAME record as ‘Proxied’ and then add page rule to have full SSL, we did same but now we are getting error saying “Wrong Link: You have clicked on an invalid link…”.

How to resolve this issue?

What is the actual domain?

Also, please keep the record on DNS-Only until it works, not proxied.

1 Like

Actual domain is
Currently it’s on ‘DNS-Only’.

I’m not sure how that Sendgrid system is supposed to work, but right now the server does not have a certificate for your domain:

curl -svo /dev/null


Server certificate:
*  subject: CN=*
*  start date: Jan  8 15:37:25 2024 GMT
*  expire date: Jan 15 18:00:24 2025 GMT
*  subjectAltName does not match
* SSL: no alternative certificate subject name matches target host name ''

I can’t say I like their advise. Their product isn’t working, and now you are supposed to “fix” it in a way that effectively disables https, even though https would be shown in the browser?

This is really something that Sendgrid needs to fix on their end. I mean, how is this supposed to work for people that don’t use Cloudflare?

Could you share an example link?

But honestly, if Sendgrid doesn’t manage to fix this, I’d recommend you rather use unbranded links. Not supporting https for a link tracker is really really unprofessional.

1 Like