I currently have a website running on DigitalOcean for bergenmakers.no. Setting up certificates worked well.
There’s a subdomain, mail.bergenmakers.no, that is served by yandex.com through their Yandex.Mail for domain.
After adding certificates I can’t reach mail.bergenmakers.no anymore. Chrome, Safari and Firefox say that my connection is not private.
All of them point out that the domain uses HSTS, but that didn’t help me find an answer to my problem.
Did anyone have this problem? Maybe with G Suite/Google Apps for domain?
mail.domain on Yandex is not actually supposed to be accessed via HTTPS directly. It just bounces you to https://mail.yandex.tld/parameters, which has appropriate Yandex certs. So trying to access https://mail.domain will give you an error (the certificate served will contain Yandex names but not your domain). I don’t think it would be any different elsewhere, unless some other service actually allows you to upload your own cert to the server that provides such a hosted mail service. If you are serving an HSTS header that includes subdomains, this might cause an issue, I believe. In that case you could remove subdomains from it to resolve this.
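The interaction this answer describes, as an added example that is not part of the original thread: it parses a `Strict-Transport-Security` value per RFC 6797, decides whether the apex policy covers the mail subdomain, and checks the host against the certificate names the provider would serve. The function names, header values and certificate names are assumptions constructed for illustration.

```python
def parse_hsts(header):
    """Parse a Strict-Transport-Security value (RFC 6797) into a policy dict."""
    policy = {"max_age": None, "include_subdomains": False}
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        value = value.strip().strip('"')     # max-age may be a quoted string
        if name == "max-age" and value.isdigit():
            policy["max_age"] = int(value)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy


def hsts_applies(policy_host, policy, host):
    """True if the policy noted for policy_host forces HTTPS on host."""
    if not policy["max_age"]:                # missing or max-age=0: no policy kept
        return False
    host, policy_host = host.lower().rstrip("."), policy_host.lower().rstrip(".")
    if host == policy_host:
        return True
    return policy["include_subdomains"] and host.endswith("." + policy_host)


def cert_covers(host, san_names):
    """Match host against SAN dNSNames; '*' covers one left-most label only."""
    host = host.lower().rstrip(".")
    for san in san_names:
        san = san.lower()
        if san == host:
            return True
        if san.startswith("*.") and "." in host and host.split(".", 1)[1] == san[2:]:
            return True
    return False


def diagnose(apex, header, host, san_names):
    """Browser outcome for https://host given the header the apex serves."""
    if cert_covers(host, san_names):
        return "ok"
    forced = hsts_applies(apex, parse_hsts(header), host)
    return "hard-fail (HSTS, no bypass)" if forced else "cert warning (bypassable)"


# Constructed inputs: placeholder provider names, not the real certificate contents.
PROVIDER_SANS = ["mail.provider.example", "*.provider.example"]
for hdr in ("max-age=31536000; includeSubDomains", "max-age=31536000"):
    print(hdr, "->", diagnose("bergenmakers.no", hdr, "mail.bergenmakers.no", PROVIDER_SANS))
```

A browser that has already stored the policy keeps applying it until it receives the updated header from the apex over HTTPS or the stored `max-age` runs out.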