Hmmm, thanks Apple.
My wife started to report issues with iOS 10.1.x on her ipad thingy saying it wasn't happy with the Letsencrypt cert. The cert was good but there was a host/domain mismatch.
The cert has a number of hosts in it e.g.
imap.mydomain.co.uk
smtp.mydomain.co.uk
esmith.mydomain.co.uk
It also had a sub domain for Rocket Chat
chat.mydomain.co.uk
It did not have the main domain (for various reasons)
mydomain.co.uk
This then caused the domains.txt file to look like this:
chat.mydomain.co.uk imap.mydomain.co.uk smtp.mydomain.co.uk esmith.mydomain.co.uk
iOS mail suddenly started complaining that it didn't like the cert 'chat.mydomain.co.uk'
It seems to ignore any other hosts or domains on the cert.
I have cured this by adding in the main domain mydomain.co.uk and setting the mail settings in iOS to use mydomain.co.uk as the IMAP/SMTP server.
Domains.txt now looks like this
mydomain.co.uk chat.mydomain.co.uk imap.mydomain.co.uk smtp.mydomain.co.uk esmith.mydomain.co.uk
I think I might rewrite the contrib slightly so that it always does:
domain1, host(s).domain1, domain2, host(s).domain2 etc etc
However I don't think that will cure the iOS issue specifically.
Any ideas why iOS ignores other hosts in the certificate file ?
B. Rgds
John