Some of the providers like elasticemail.com rewriting email content links.
Example. elasticemail requires tracking CNAME to be configured while verifying/adding sending domain also don’t allow verifying sub domains
Rewriting email link for account activation email look like below
as discourse install didn’t install cert on tracking.domain.com leaving an insecure message on browser when we set force ssl setting.
As Discourse LetsEncrypt module will install certs on configured domain, Is there any way that installing certs on tracking domain
This is not a multisite.
Also LetsEncrypt is going to issue wildcard ssl in a week.(ETA: February 27, 2018 from LetsEncrypt forums) incorporating that to letsencrypt module is good choice to avoid these instances