Hi @proberts2, this has been a problem which has tested my & my clients patience on a number of occasions.
Solution found below...
Many of my clients use iPhones and as is the case they class their email as critically important (especially my solicitor & accountant clients), as soon as they cannot get or reply to their mail it's as if their world has come crashing down. This recently reared it's head again on the latest server Letsencrypt certificate update, all the iPhone users once again could not send email and had the same certificate not trusted message with no ability to Trust the Certificate.
This is where the real problem occurs, not when you initially setup a mail account on the device, that works fine first time, but when the certificate is updated you cannot then get the device to accept the new certificate. I spent days non-stop searching for a solution, being driven mad to the point of considering moving my clients onto another system.
However I finally found the solution... Instead of using the SMTP mail server for the users domain e.g mail.domain.com I edited all instances to use the full server name e.g whatever.whatever.whatever.uk0.bigv.io on each device and Voila no further problems..!
Hope this helps resolve your problem