From January 2022, we started receiving reports that AutoSSL was failing on the mail subdomain when the domain name is using Cloudflare DNS nameservers.

The first indication of this problem is usually that end users report an SSL error from their email application when it makes a connection to mail.<domainname> 

In the cPanel control panel, on the SSL/TLS Status page, there is an error message for the mail subdomain that will include "Network is unreachable", like this example:



In a standard DNS zone file, the mail subdomain is normally a CNAME record pointing to the main domain name. This works well because normally both records are pointed to the same system.

This is caused by the mail subdomain (which is not proxied) being a CNAME pointing to the main domain name (which is proxied). The proxy service works nicely for web traffic but it fails for the mail service. We can fix it by making sure the mail subdomain points directly to Maxer Host and not the Cloudflare proxy system.

Quick fix:
We recommend you take time to apply the permanent fix listed below but if you're stuck for time or you do not currently have access to Cloudflare/cPanel, there is a quick fix available:
You can update the incoming & outgoing hostname in your email application from mail.<yourdomain>.com to the server hostname. The server hostname is usually something like cpanel99.fastsecurehost.com - please check your signup email or hosting control panel for the exact hostname to use. If you encounter any issues please contact our technical support.

Permanent fix:
(1) Login to your Cloudflare dashboard at https://dash.cloudflare.com/
(2) Go to the DNS page
(3) In the list of DNS records, find the DNS record where the name is "mail" and the type is "CNAME". Delete this CNAME record only.
(4) Look at the main A-record for your website and you'll see an IP address which belongs to Maxer Host.  It usually appears 10 or 15 times in the list of DNS records. Take a note of this IP address.
(5) Create a new DNS record with type "A" and name "mail", with the IPv4 address you noted down, and with proxy status set to "OFF" (so it says "DNS only"). The TTL can be set to "Auto". Click on Save button.
(6) Next, login to your cPanel control panel (add /cpanel to the end of your website address to bring up the login page)
(7) In cPanel control panel, go to the "SSL/TLS Status" page
(8) On this page click the button "Run AutoSSL". Wait 5 to 10 minutes.

If you encounter any issues please contact our technical support.

If you would like our technical support to review your Cloudflare settings, please make sure you have granted us access to your Cloudflare account. Here is a guide:
https://my.maxer.com/knowledgebase/202/Grant-our-technical-support-access-to-your-Cloudflare-dashboard.html

Was this answer helpful? 0 Users Found This Useful (0 Votes)

Most Popular Articles

How does CloudFlare’s technology work?

CloudFlare works as a reverse proxy. What this means is that once your website is part of the...
What types of websites can use CloudFlare?

CloudFlare is not suitable for websites that stream video or audio directly from their origin...
Are there sub-domains I shouldn't enable with CloudFlare?

Are there sub-domains I shouldn't enable with CloudFlare? Subdomains on CloudFlare are marked...
What is CloudFlare?

If you haven’t heard about CloudFlare before, the basic values of the company are simple: ‘we’ll...
Grant our technicians access to your CloudFlare Dashboard

Our support team may ask you to grant us access to your CloudFlare account so we can troubleshoot...