HTTPS email tracking using a custom domain and Sparkpost

Has anyone successfully set up email tracking domain on Sparkpost for a custom domain managed by Render?

  1. I’ve successfully set up a wildcard custom domain on render: *
  2. I’ve set up a tracking domain on Sparkpost by setting a CNAME record for
  3. When I click on the tracking link created by Sparkpost (, I get the following error in my browser:

Your connection is not private
Attackers might be trying to steal your information from (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID normally uses encryption to protect your information. When Brave tried to connect to this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Brave stopped the connection before any data was exchanged.

You cannot visit right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.

I suspect I may need to do something equivalent to the following on Render:

Any ideas?

It would be useful to have the real URLs here so that we can see what’s going on - if you don’t want to post them here then you can email them to