Got it, thanks for your reply, already did, but when connecting to wss://mqtt.mydomain.com, it did not work, that's why as you said, it only work for non-SSL mqtt conenction.
for the second solution you mean to enable streams to third party mqtt which is the bridge, right ? for the WSS connections
I was thinking, in addition to the CNAME config, why not in future having it as a feature in Flespi Control Panel, like e.g. Vercel dashboard, instead of setting up a proxy mqtt service.