CNAME record producing SSL cert error

I have a custom domain setup to use Netlify as the DNS provider. While the root of the domain hosts a site, I setup a CNAME record on a subdomain to alias to another site. I can access both the site hosted at the domain root and the site the CNAME record points to via https no problem. However, when I try to access the other site via my subdomain, browsers get upset about cert errors:

Firefox

Chrome

The settings for the site hosted at the domain root shows that HTTPS is enabled, though I configured the CNAME record in the “Domains” settings, rather than the “Site > Domain” settings and there doesn’t appear to be anyway to see cert related stuff in the former.

I do see the SSL certificate being returned is for the following domain: webmail-eu-central.migadu.com.

This is the domain this CNAME points to:

$ dig mail.nicolaos.dev  +noall +answer

; <<>> DiG 9.10.6 <<>> mail.nicolaos.dev +noall +answer
;; global options: +cmd
mail.nicolaos.dev.	3599	IN	CNAME	webmail.migadu.com.
webmail.migadu.com.	599	IN	CNAME	webmail-eu-central.migadu.com.
webmail-eu-central.migadu.com. 599 IN	A	172.104.132.37
webmail-eu-central.migadu.com. 599 IN	A	172.104.224.145

This SSL certificate is unrelated to Netlify our or services. In other words, we are not the host for the website at mail.nicolaos.dev.

We host the DNS records for that domain (and DNS is working correctly) but we do not host the website that domain is currently pointing to. 172.104.132.37 and 172.104.224.145 do not point to servers controlled by Netlify.

Because we don’t control the web server replying for this domain, we are unable to control the SSL certificate being served there. If you are having issues with the SSL certificate, please contact the administrator of that service or their support helpdesk about this issue.