SSL on Tracking Domains

I recently started using tracking domains

my domain has an SSL certificate where the domain is hosted (dreamhost)

I clicked on one of my emails today and it gave me an error saying not secure

Any suggestions what I should do ?
Either widlcard ssl to match any subdomain or instead of using cnames, you create subdomains for which you generate ssl's and then point them to your mailwizz instance root folder, or use soemthing like cloudflare to handle the ssl for all your domains/subdomains/etc, or issue the certificates on your own, which would be the most difficult part.
Either one of the above will do.
Thnks...that is what I thought as well...having SSL on root domain does not propagate it to tracking domains by default...thnks