It is not necessary to add mail.yourdomain.com, as you can simply use yourdomain.com as the mail server address.
However, if you absolutely want to use a mail subdomain, yes, it has to be in the cert, or your cert should be using a wildcard.
Alternatively, check out the Let's Encrypt contrib; you will get a free certificate for as many domains as you want, with auto renewal.
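The rule above (the name a client connects to must appear in the certificate's Subject Alternative Names, either literally or via a wildcard) can be checked before clients start failing. The following is an added example, not code from the poster or from any mail server project: it implements the standard wildcard matching rule (a `*.` prefix matches exactly one DNS label, so `*.example.com` covers `mail.example.com` but not `example.com` or `a.b.example.com`) against a constructed SAN list, and includes an optional live helper that pulls the SAN list from a server speaking implicit TLS. The hostnames, ports and the `fetch_san_names` helper are assumptions for illustration.

```python
import socket
import ssl


def hostname_matches_san(hostname, san_names):
    """Return True if `hostname` is covered by one of the DNS names in `san_names`.

    Matching follows the usual client rules: case-insensitive exact match, or a
    wildcard whose '*' occupies the whole leftmost label and stands for exactly
    one label (no dots inside the part it replaces).
    """
    host = hostname.lower().rstrip(".")
    for name in san_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*."):
            suffix = name[1:]  # "*.example.com" -> ".example.com"
            if host.endswith(suffix):
                prefix = host[: -len(suffix)]
                # The wildcard must replace one non-empty label only.
                if prefix and "." not in prefix:
                    return True
    return False


def missing_names(required_hosts, san_names):
    """Return the connection names that the certificate does NOT cover."""
    return [h for h in required_hosts if not hostname_matches_san(h, san_names)]


def fetch_san_names(host, port=465, timeout=5.0):
    """Fetch the DNS SAN entries of the certificate a server presents over implicit TLS.

    Assumption: the server speaks TLS directly on `port` (e.g. 465 for SMTPS,
    993 for IMAPS). STARTTLS ports (25/587) are not handled here. Verification
    is disabled only so that the SAN list of a mismatched cert can still be read.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            # getpeercert() only returns parsed fields for verified certs, so
            # fall back to decoding the DER form ourselves.
            cert = tls.getpeercert()
            if not cert:
                der = tls.getpeercert(binary_form=True)
                cert = ssl._ssl._test_decode_cert  # noqa: placeholder, see below
                raise RuntimeError("server certificate could not be parsed without verification")
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


# Constructed sample: a certificate issued only for the bare domain and www.
SAMPLE_SAN = ["example.com", "www.example.com"]

# Constructed sample: a wildcard certificate.
WILDCARD_SAN = ["example.com", "*.example.com"]


def report(required_hosts, san_names):
    """Human-readable summary of which names a given SAN list leaves uncovered."""
    gaps = missing_names(required_hosts, san_names)
    if not gaps:
        return "OK: all names covered"
    return "NOT covered: " + ", ".join(gaps)


if __name__ == "__main__":
    # Using the bare domain as the mail server address works with the plain cert;
    # pointing clients at mail.example.com needs either that SAN or a wildcard.
    print(report(["example.com"], SAMPLE_SAN))
    print(report(["mail.example.com"], SAMPLE_SAN))
    print(report(["mail.example.com"], WILDCARD_SAN))
```

Run it as-is to see the three cases from the reply; to check a real server, call `fetch_san_names("mail.example.com", 465)` and pass the result to `missing_names` together with every hostname your clients are configured to use.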