CNAME to Outlook Webmail not working anymore

I have my domain setup for use with Microsoft 365, hosted exchange. I had setup a CNAME value, not proxied that basically pointed “mail.mydomain.com” to outlook.office.com. Was working perfectly.

I don’t know when it started, but have noticed in the last day, when trying to access “mail.mydomain.com” I get an NET::ERR_CERT_COMMON_NAME_INVALID in Chrome (other browsers have issues as well). Seems to be due to the fact that the security certificate does not match one of Microsoft’s domain names. But this was working at least a week or so ago.

Any thoughts?

Thanks

If A mail record is :grey: DNS only or if you are using a third-party (external) email service via CNAME.

This could incidate to an missing record to me at first.
Like Autoconfig or Autodiscover (usually A) record and one SRV record missing to me.

You should not access it via browser, rather via your e-mail client, or I am missing the point here?

Most of my users access their O365 mail via web. We use “mail.mydomain.com” just for branding and everyone just remembers it (its the URL we used to use with our old on-prem system). It worked great for the past several months, not sure what changed. We have all the DNS entries Microsoft requires.

Mail is still accessible at outlook.office.com, so we are not “down”, but it would be nice for convenience to get the other URL back up and running

Kindly, check here for the steps as needed (all written how to) for the proper setup of Microsoft 365 e-mail with Cloudflare.
After you setup, wait for few minutes (approx. 15min) for changes to apply, re-check and write us back here.

Keep a note that none of the Microsoft 365 records should be proxied (:orange: cloud), so they need to be set to DNS Only :grey: cloud.

Also, check if there are some missing records (like CNAME autoconfig, autodiscover, TXT records for SPF and other) at Cloudflare DNS dashboard and add them:

Records all look good and in place

1 Like

That is great to hear!

Due to this error - while it is for mail.yourdomain.com, here is an article which could indicate why you got it.
Maybe now when you have all configured, the SSL certificate needs to be renewed (automatically or manual trigger) or I do not know at this moment (depends how Microsoft 365 works).

Kindly, be patient maybe it fixes itself with some time, or someone else can reply with more experience :wink:

I guess at this point I will wait a day or so and see what happens, as I’ve said nothing has changed on my end…and the direct URL to Outlook webmail works fine (and mail flow is working fine).

Just seems to be some type of SSL/certificate conflict with my CNAME definition and Microsoft.

1 Like

Well…been 24 hours and still not working

Anyone have a CNAME redirect to outlook.office.com working?

If you have a CNAME for outlook.office.com, it should be :grey: cloud.

Or do you have a CNAME for your root domain (not mail.yourdomain.com)?

Are you sure Outlook application is configured to connect to the ‘mail’ subdomain to send and receive email? What error are you seeing?
What erros do you have?

Can you chek within this topic?:

Or maybe this one?:

Or try using a Dedicated SSL certificate from Cloudflare.

Your “mail” DNS entry should be set to :grey:.

Did Microsoft 365 issued you an SSL certificate for your hostname/domain?

Or try to change the CNAME (remove it) and then add new A mail and point it to your server’s IP :grey: cloud (DNS only) - if that could work with Microsoft 365 from the previous reply including how to setup the DNS records.

Moreover, if few days already passed, at this point I believe you will also need to contact your mail host. Cloudflare is only providing DNS for that hostname.

Regarding the Webmail hostname if you are accessing it via an CNAME record, and if it has had an HTTPS connection (have had an SSL certificate), you should have it :orange: and also selected Full SSL under SSL tab at your Cloudflare dashboard for your domain.

Otherwise, try with :grey: for it too and see what happens.

Moreover, what is your domain name?

Can you post a screenshot of your DNS records here?

I’ve set SSL to “Full” and have tried proxied and no proxied and now I get the following message in a browser:

Our services aren't available right now

We're working to restore all services as soon as possible. Please check back soon.

0/TldYAAAAAA5lfo7Ji8JQ5/1C4LS8fuoQ0gxRURHRTE1MjEARWRnZQ==

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.