Your domain is hosted on Regery Web-Hosting and Plesk panel is used for management.
3rd party (Cloudflare) DNS nameservers are used.
All resource records are correctly copied from Plesk resource records editor to Cloudflare.

Steps in Plesk control panel:
In Plesk control panel go to Websites & Domains and click Add Subdomain.
Specify mail. subdomain, check Secure the domain with Let's Encrypt checkbox and proceed with subdomain creation.
Once mail. subdomain is created you'll have one more SSL certificate issued. Now specify this SSL certification for mail servers. Go to Mail Settings of main domain and pick SSL/TLS certificate for mail that was issued for mail. subdomain.

Steps in 3rd party DNS:
Create A and AAAA records for mail. subdomain. Specify same IP addresses as for main domain.
Make sure A and AAAA records for mail. subdomain are not Proxied (Cloudflare does this by default for A/AAAA records) and only 3rd party DNS server is used for these records.
Make sure SRV records _imaps._tcp and _pop3s._tcp point not to the main domain but to the mail. subdomain.

In order to configure mail server on Plesk and 3rd party DNS we've created mail. subdomain and issued free SSL certificate. Then used this certificate as certificate for mail for main domain. After this we adjusted A/AAAA resource records on 3rd party DNS and corrected imap and pop3 auto-discovery settings.
Was this article helpful?
Thank you!