This likely needs to be "secure": false.
The naming is confusing, it doesn’t mean the connection isn’t secure, it just means the initial connection is opened without SSL and then STARTTLS is used so your server and Mailgun’s servers can agree on a compatible cipher to open the secure connection.