Let's Encrypt email issues with PTR records

SYSTEM INFORMATION
**OS type and version: CentOS 8
**Webmin version: 1.981
**Virtualmin version: 6.17
Related products version: RECOMMENDED

I have three domains managed by cloudflare.
Each has a mail.domain.com PTR record setup for email. the MX record points to this.
Each domain.com has a let’s encrypt certificate for each domain and its subdomains which are supported by webservers.
I’ve had everything setup and working for about 3mo.
During a recent auto update of webmin and/or virtualmin, something must have gone wrong because I could no longer access the web interface. I had not noticed this until I had passed the 90day mark and my Let’s Encrypt SSL certs expired. Simply restarting the webmin service brought it back up and I observed the Let’s Encrypt SSL certs auto-renew. I can now access my web servers just fine but email does not work.
When gmail tries to use pop3 to get my email, it complains about the mail.domain.com subdomain “Hostname “mail.domain.com” doesn’t match any SANs (domain.com, www.domain.com)”.
If I try to manually get alet’s encrypt cert for mail.domain.com, it fails since it cannot verify since there is no webservice attached since it is just a PTR.
I have not touched any dovecot settings. SSL cert is still set to /etc/pki/dovecot/certs/dovecot.pem

I don’t recall how this was originally setup. Bottom line, how do I handle SSL for mail.domain.com?

Sorry, I mean A record.

Anyways, I still have the issue and am not sure how to fix the issue.