Email delivery issues due to DNS configuration problems on Cloudflare

What is the name of the domain?

luminoscollective.com

What is the error number?

1

What is the error message?

The hostname is not covered by a certificate

What is the issue you’re encountering

Email delivery issues due to DNS configuration problems on Cloudflare and needs assistance in correcting the CNAME and MX record settings.

What steps have you taken to resolve the issue?

Here are the steps taken to resolve the email delivery issue:

Identified Proxy Setting: The initial problem was identified as the CNAME record being set to “Proxied” instead of “DNS Only” in Cloudflare. This setting was corrected to “DNS Only.”

Verified DNS Records: After changing the CNAME to “DNS Only,” the DNS records were verified to ensure they were correctly configured for email delivery.

Reviewed MX Records: Chris reviewed the MX records and noticed potential issues, such as duplicate entries with different priorities (10 and 30) for the same mail server (mxa.mailgun.org).

Confirmed Domain Connection: The domain connection was successfully established after correcting the DNS settings, but the email sending issue persisted.

Addressed Error Message: The error message “The hostname is not covered by a certificate” was identified, indicating a potential SSL/TLS configuration issue.

Requested Further Assistance: Chris reached out to Mastermind Support for additional guidance and troubleshooting, providing all relevant observations and error details.

What are the steps to reproduce the issue?

To reproduce the email delivery issue Chris is facing, follow these steps:

Set Up DNS and CNAME Records:

Configure the domain’s DNS settings in Cloudflare.
Add a CNAME record and set it to “Proxied” rather than “DNS Only.”
Check MX Records:

Ensure that there are duplicate MX records for the mail server (e.g., mxa.mailgun.org) with different priorities (e.g., 10 and 30).
Attempt to Send an Email:

Use the email service (such as OX email server) to send a test email.
Verify the Results:

Observe that the email fails to send, and review the error message, “The hostname is not covered by a certificate.”
Check Cloudflare and Email Server Logs:

Review logs and reports from Cloudflare and the email server to confirm that the email test fails and no email is received.

Screenshot of the error

Welcome to the Cloudflare Community. :logodrop:

You need to leave those CNAMEs set to :grey: DNS Only. Cloudflare Universal SSL only covers the apex name and first level subdomains and those Mailgun CNAME records shouldn’t be proxied anyway.

You have a lot going on with three different email domains, including the use of Cloudflare Email Routing which does not allow for sending email. It might be best for you to break your help request down to work on one specific domain and configuration at a time, whether that is the apex domain, or one of the subdomains.