I actually had a thread about this last year but it’s now closed.
What do I need to do to get mail.mydomain.com to work through Cloudflare?
I get the “Error 525 - SSL handshake failed” screen.
Before I moved my host to another company I just turned off the Cloudflare icon, but this no longer works and probably isn’t the right way to do it anyway.
Once it’s configured on the Google Admin dashboard you need to set a page rule for the mail.example.com* route with SSL Full (could be Flexible, not sure, try with the first and if it doesn’t work after half an hour change).
"Your domain is set up with a security measure, such as HTTP Strict Transport Security, which requires HTTPS connections. The Admin console supports only HTTP connections for custom URLS, so you can’t customize service addresses for your domain"
However I did discover that using ‘Flexible’ instead of ‘Full (Strict)’ allows me to do what I want anyway!
This is reason enough to not do what you are proposing. Just use a page rule to redirect mail.mydomain.com to https://mail.google.com/a/mydomain.com and you will get some of what you are looking for. (Anything else is just vanity URLs, and you are paying a significant price for vanity)
But it actually does that exactly from Google’s servers. The login actually happens on mail.google.com. The only thing is that it auto-selects the correct account if you have more than one.