Secure CNAME with Dedicated SSL for the domain

Hi, I have a VPS with multiple domains. I am using a CNAME of the primary as SMTP and POP for emails. Now I’ve got a dedicated SSL for the domain so Outlook and other email clients will not refuse the secure connection with the server, but couldn’t get that after using the SSL.
I have these records at DNS

  • A >> domain.com pointed to x.x.x.x ip address (Over CloudFlare),
  • A >> mxmail.domain.com pointed to x.x.x.x ip address (DNS Only),
  • MX >> domain.com points to mxmail.domain.com as the mx record for the domain,
  • CNAME >> smtp, pop and imap point to domain.com (DNS only)

When I am using these records with DNS only, everything works well over SSL authorized from the VPS itself, while what I want is to use them over SSL (CloudFlare), but when I am changing the cloud icon to make them over CloudFlare the connection is lost!
What can I install or change to correct the connection to become over SSL rather than non secured?

Anything with :orange: will not proxy Email (POP/IMAP/SMTP). If you CNAME to example.com, and it’s set to :orange:, that will not work.

But it sounds like you have MX set up correctly. Maybe you should CNAME SMTP/POP/IMAP to mxmail.

1 Like
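The point of the reply above, as an added example that is not part of the original thread: a small Python check that follows each mail hostname's CNAME chain and flags any that end at a proxied (:orange:) record. The zone data is a constructed copy of the records in the question; the tuple layout, `MAIL_LABELS` and the function names are assumptions for illustration.

```python
# Constructed copy of the records listed in the question. The tuple layout
# (type, name, target, proxied) is an assumption; proxied=True means :orange:.
ZONE = [
    ("A", "domain.com", "x.x.x.x", True),
    ("A", "mxmail.domain.com", "x.x.x.x", False),
    ("MX", "domain.com", "mxmail.domain.com", False),
    ("CNAME", "smtp.domain.com", "domain.com", False),
    ("CNAME", "pop.domain.com", "domain.com", False),
    ("CNAME", "imap.domain.com", "domain.com", False),
]
# Same zone with the mail CNAMEs repointed at mxmail, as the reply suggests.
FIXED = [(t, n, "mxmail.domain.com" if t == "CNAME" else tgt, p)
         for t, n, tgt, p in ZONE]
MAIL_LABELS = {"smtp", "pop", "pop3", "imap", "mail"}  # hypothetical label list


def resolve_chain(zone, name, max_hops=8):
    """Follow CNAMEs from name and return every record traversed."""
    index = {n.lower(): (t, n, tgt, p) for t, n, tgt, p in zone if t != "MX"}
    chain, seen = [], set()
    name = name.lower()
    while name in index and name not in seen and len(chain) < max_hops:
        seen.add(name)
        chain.append(index[name])
        if index[name][0] != "CNAME":
            break
        name = index[name][2].lower()
    return chain


def mail_names(zone):
    """MX targets plus any hostname whose first label looks like a mail service."""
    names = {tgt for t, _, tgt, _ in zone if t == "MX"}
    names |= {n for t, n, _, _ in zone
              if t != "MX" and n.split(".")[0].lower() in MAIL_LABELS}
    return sorted(names)


def audit(zone):
    """Map each mail hostname to 'ok (DNS only)' or the proxied record it hits."""
    findings = {}
    for name in mail_names(zone):
        chain = resolve_chain(zone, name)
        proxied = [rec[1] for rec in chain if rec[3]]
        if not chain:
            findings[name] = "unresolved in this zone"
        else:
            findings[name] = ("proxied via " + proxied[0]) if proxied else "ok (DNS only)"
    return findings
```

Calling `audit(ZONE)` reports smtp, pop and imap as proxied via domain.com even though their own records are DNS only, while `audit(FIXED)` reports every mail hostname as DNS only.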

I am still receiving the same popup from the Outlook email client that the certificate is from a non-trusted authorized source, since it still sees the certificate from the self-signed one, not the one acquired from CloudFlare.
Also, when I flagged the mxmail.domain.com record to work over CloudFlare, a new flag appeared next to the MX record: “this record is exposing your origin server’s ip address potentially exposing it to denial of service”. What do I have to do with it?

Email and web servers should be on separate machines, so if you’re running everything on the same system, you won’t be able to hide the IP address, if that’s important to you.

You will have to set up your own TLS certificate for email, since that won’t be proxied by Cloudflare.

Is there any helpful article on how to do that?

Cloudflare doesn’t have any articles on setting up mail servers. Maybe stackoverflow.com
