Hello @yajo,
this post helped me to have TLS doing well with myfbx.mydom.tech and *.mydom.tech so I have @user:mydom.tech with FreedomBox matrix-synapse server.
myfbx.mydom.tech
*.mydom.tech
@user:mydom.tech
matrix-synapse
I hope this may help you.