SSL Cert, CNAME for Mail pointer problems (redux, clarified), not resolved

So, after back and forth yesterday, I changed the “mail” and “webmail” records from A records to CNAME and also removed the first MX record entry based on the advice of the community.

At this point, I cannot get the SSL cert issued from MXroute panel to work with mail because mail is now pointing to instead of my own domain (

So, here is what the DNS zone record WAS:

			IN	MX	10	
			IN	MX	20	
			IN	MX	30	

webmail		IN	A	
mail		IN	A	

And everything was sweet and swell. Could access “” via web and mail client used “” to access mail.

So, based on advice, I changed the record to:

			IN	MX	10	
			IN	MX	20	

webmail		IN	CNAME	
mail		IN	CNAME	

And now, I cannot properly access because the browser complains about SSL cert mismatch. And mail client cannot reach “

And now MXroute panel cannot issue SSL cert because it can’t find (not that I should have to reissue the cert).

There is a long thread already about this, and a new thread on chat.

I am open to either:

  1. Reverting back to IP address and A records and just know that one day that may change;

  2. Figuring out the root cause.

Thank you.

It seems somewhere our wires got crossed. I’m seeing that should actually be on and not on

OK. So, for priority 10, what about 20? Or even bother?


						IN	MX	10	
						IN	MX	20	

Or, B:

						IN	MX	10		

And is it the case that I should or should not have

						IN	MX	10		
						IN	MX	20

MX records will be: (Priority 10) (Priority 20)

You can find a copy of those details in the important account information email, which you can find a copy of here:

Just make sure you’re logged in at to the account that correlates to that particular service.

Thanks! Will change. Also, that email - I swear it never came and when I checked last week in my account, none of the original messages were there. Glad to see them there now. Will post back results in a few.

Changing serial to 2020032302 and editing as follows:

			IN	MX	10	
			IN	MX	20	

webmail		IN	CNAME	
mail		IN	CNAME

So, I’ve updated the zone file and here’s the result: works fine and the SSL cert matches. I did not need to generate a new one.

However… (which is being used for IMAP/SMTP) is not working. The error message in my mail client is:

[Image: Screen Shot 2020-03-23 at 1.51.50 PM]

The actual log file:

INITIATING CONNECTION Mar 23 13:51:19.243 -- port:587 -- socket:0x0 -- thread:0x608001875200

CONNECTED Mar 23 13:51:19.391 [kCFStreamSocketSecurityLevelNone] -- -- port:587 -- socket:0x6040004ae6a0 -- thread:0x608001875200

READ Mar 23 13:51:19.504 [kCFStreamSocketSecurityLevelNone] -- -- port:587 -- socket:0x6040004ae6a0 -- thread:0x608001875200
220 ESMTP Exim Mon, 23 Mar 2020 18:51:19 +0100

WROTE Mar 23 13:51:19.514 [kCFStreamSocketSecurityLevelNone] -- -- port:587 -- socket:0x6040004ae6a0 -- thread:0x608001875200

READ Mar 23 13:51:19.627 [kCFStreamSocketSecurityLevelNone] -- -- port:587 -- socket:0x6040004ae6a0 -- thread:0x608001875200 Hello []
250-SIZE 52428800
250 HELP

WROTE Mar 23 13:51:19.628 [kCFStreamSocketSecurityLevelNone] -- -- port:587 -- socket:0x6040004ae6a0 -- thread:0x608001875200

READ Mar 23 13:51:19.740 [kCFStreamSocketSecurityLevelNone] -- -- port:587 -- socket:0x6040004ae6a0 -- thread:0x608001875200
220 TLS go ahead

OK. Jarland - thank you for all of this help. Mail is now working, and is able to connect to

Now, I know I’m parsing it real fine here, but just FYI, resolves to an apache message page and gives an SSL mismatch still.

I know that doesn’t matter because no, I don’t try to access over the web, I do know that is not what anyone does. Apple Mail does access it over 587 no problem and the certs match.

Just pointing out the https over web in case it should matter to you. Although it makes sense because 443 is not the port you have configured for that probably since it’s over 587.

Next - I love your service. I think it’s fantastic because it’s what I have been looking for. I appreciate the support. I hope I can help others!

Don’t know what happened there but re-ran the issue process and it applied fine.

Cool! All set then! THANK YOU!

ONE MORE Q - SO, what exactly happened when you say “Don’t know what happened there but re-ran the issue process and it applied fine.”?

Because I have three more domains to update and want to make sure it’s going to work without bugging you!

Aye, I built the custom virtual host for the webmail subdomain only. Apache never loads a virtual host for the mail subdomain.

Re-ran the cert issuance? Just updated and everything went perfectly.

I re-ran the process here after the DNS entry part: