Certificate technology is pretty generic, it appears that you do not have the right certificate configuration. I don't see any way that this is a SmarterMail problem.
Basic certificate logic is that the DNS name used to make a connection must match a name on the certificate presented by the server. This match proves that you are connected to the intended server, and that your session was not hijacked in transit.
Consequently, autodiscover.yourdomain needs to be a SAN on your server certificate. If you create a unique host name for each client, you need autodiscover.clientdomain and actualhost.clientdomain included on the certificate. As far as I know, you can have an essentially unlimited number of Server Alternate Name (SAN) entries on a certificate (for a price). I have certainly seen certificates with a very long list of entries. If you are using the freebie Let's Encrypt certificate, your options may be more limited.
You can also use wildcard certificates to make the host portion unimportant. As far as I know, a wildcard can only be the primary entry, not a SAN, so you can only have one wildcard domain on a certificate.