TLS Negotiation failed, the certificate doesn't match the host

I am starting to get the error “TLS Negotiation failed, the certificate doesn’t match the host.” when trying to send from Gmail/GSuite. It appears this is a widespread issue that Google created (https://support.google.com/mail/thread/38336515), but I was wondering if there is some nuance to the MXroute server setup that could be triggering this?

Apparently after Google’s recent change in the way they handle TLS certificates, you have to set the SMTP host as lisa.mxrouting.net (or your particular mxrouting.net server) instead of mail.mydomain.com (which historically has worked due to DNS CNAME)

Really, they don’t accept certs for CNAME’s? (URL?)

Good to know! Also quite odd. My guess is it’s something to do with SNI handling.

@Jarland

This issue seems to have popped up again…but this time in reverse.
Now the TLS certificate seems to only match pixel (pixel.mxrouting.net) and not lisa (lisa.mxrouting.net)