Stopped receiving mail once I switched to cloudflare and using Strict SSL

I have a few domains on CloudFlare. I recently added one more “”

Since I added it, Gmail has stopped fetching those emails and is giving me this error:

SSL Security Error. [ Help ]
Server returned error "SSL error: ok Hostname “mail.themotionbooks. com” doesn’t match any SANs: “vps…”

I have tried looking at my other domains on CloudFlare and copied those settings with no luck. This is what I have right now:

I do want to mention that I also tried changing the MX record to simply “themotionbooks . com” instead of “mail.themotionbooks. com.” I also double-checked the settings I had in Google Domains before pointing the domain to the Cloudflare name servers (things all worked fine with Google Domains).

One other thing I noticed is that the origin certificate that I added to my cpanel is

CloudFlare Origin Certificate
“*.themotionbooks. com”
“themotionbooks. com”

I don’t see mail.themotionbooks. com (I’m assuming it needs that for SSL verification to work on Gmail’s part).

I’m thinking it’s something to do with the Strict SSL that I have going. Can someone help me figure this out?

I removed the origin certificate and created a new one with the domain, also reinstalled it in cpanel with the new origin certificate.

The mail is still not coming in with the new certificate. Looking for help.

Hi @web20,

As the mail subdomain is bypassing Cloudflare (which is correct, Cloudflare doesn’t proxy email traffic), the Origin Certificate won’t work in the same way as on your main site where it is proxied. The origin cert is not a publicly valid certificate and so you would need one from a trusted CA. This could be through your cPanel or via Let’s Encrypt etc.
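The reply above points at two separate checks a mail client performs on the server's TLS certificate: that the certificate chains to a publicly trusted CA, and that the hostname it connected to appears in the certificate's Subject Alternative Names. The following is an added example, not code from the thread or from Cloudflare, that reproduces the SAN check offline against constructed certificate data in the shape `ssl.getpeercert()` returns, and adds a live diagnostic that uses the system trust store so it reports whichever check fails. The port 995 (POP3 over implicit TLS) and the `vps-placeholder.example` name are assumptions; the real server hostname in the error is elided in the post.

```python
import socket
import ssl


def san_dns_names(cert):
    """DNS entries from a cert dict as returned by ssl.SSLSocket.getpeercert()."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def dns_name_matches(pattern, hostname):
    """RFC 6125-style match: exact, or a single '*' as the entire left-most label.

    '*.example.com' matches 'mail.example.com' but not 'example.com' or
    'a.b.example.com'; wildcards in a public suffix position ('*.com') are rejected.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def check_hostname(cert, hostname):
    """Return (ok, message) in the spirit of the client-side error seen in the thread."""
    names = san_dns_names(cert)
    matched = [name for name in names if dns_name_matches(name, hostname)]
    if matched:
        return True, f"Hostname {hostname!r} matches SAN {matched[0]!r}"
    return False, f"Hostname {hostname!r} doesn't match any SANs: {names}"


def diagnose_tls(host, port=995, timeout=10):
    """Live check with full verification (trusted CA chain + hostname).

    Returns (ok, message). A certificate that is not publicly trusted, such as a
    Cloudflare Origin Certificate, fails here before the hostname is even compared.
    Ports 993/995 use implicit TLS; 110/143 would need STARTTLS first (not handled).
    """
    ctx = ssl.create_default_context()  # check_hostname=True, CERT_REQUIRED, system CAs
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return check_hostname(tls.getpeercert(), host)
    except ssl.SSLCertVerificationError as exc:
        return False, f"verification failed: {exc.verify_message}"


# Constructed sample data, shaped like getpeercert() output, not captured from a server.
# 1) A cert like the Cloudflare Origin Certificate described in the question.
ORIGIN_CERT = {
    "subjectAltName": (("DNS", "*.themotionbooks.com"), ("DNS", "themotionbooks.com")),
}
# 2) A cert issued for the server's own hostname (placeholder name; the real one is elided).
VPS_CERT = {
    "subjectAltName": (("DNS", "vps-placeholder.example"),),
}

if __name__ == "__main__":
    for label, cert in (("origin cert", ORIGIN_CERT), ("vps cert", VPS_CERT)):
        ok, msg = check_hostname(cert, "mail.themotionbooks.com")
        print(f"{label}: {'OK ' if ok else 'FAIL'} {msg}")
```

Running the offline part shows that the wildcard origin certificate does cover `mail.themotionbooks.com` by name, so the name check alone does not explain the failure; the SAN mismatch Gmail reported came from a certificate for the server's own hostname, and even a correctly named origin certificate would still fail `diagnose_tls` on the trust check, which is the point the reply makes. Call `diagnose_tls("mail.themotionbooks.com")` from a machine with network access to see which of the two checks a given server fails.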

so should my MX record be name: and content: or mail.themotionbooks. com

Because in Google Domains (when it worked), there was no MX record… It was simply a CNAME with the name: mail and the content: themotionbooks. com

Thank you.

So… I got it to work.

I basically had cPanel create a certificate for all my domains. And then I set the SSL to Full (not Full Strict). Your explanation helped me, as I understand Gmail was having a hard time connecting to it because the SSL certificate was wrong.

