The remaining problems are generally #browsers that haven't implemented #SSL/#TLS correctly, mishandling it when a visited URL includes the trailing dot. It sounds like #Safari - maybe only on #IOS? - is one of those. They report an invalid #certificate because the #URL of the page includes a trailing dot on the domain, while the CN in the cert doesn't have it (as those are always absolute).