Are you using an internal or external computer that got the certificate error?
What's the URL you set for autodiscover？ Run Get-ClientAccessService|fl uri to check that.
Does your current certificate only covers "mail.mydomain.com"? Normally people would have "autodiscover.domain.com" included in cert as well: https://practical365.com/exchange-server/exchange-2010-faq-autodiscover-names-ssl-certificate/
Besides, the host name(which used by client applications to connect to Exchange), the internal/external URLs and names of OWA, ActiveSync, EAC, EWS, Outlook Anywhere etc. should be added into certificates, because only a single certificate can be associated with a website and all services are offered under a single website by default, all the names that clients of these services use must be in the certificate.
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.