Not sure that I followed all that you posted, but here are some more general notes:
Since you are using IMAP the first step is to get it working without autodiscover.
1) You should use encryption in both directions (IMAP and SMTP)
2) You need to ensure that you have configured login credentials for both directions (IMAP and SMTP)
3) You need to be careful that SmarterMail domain object is not configured with a host name override. The autodiscover redirect is going to point to the same destination for all domains, so SmarterMail needs to use a single host name for all domains.
4) The certificate needs to correspond with the single host name (wildcard certificates are fine - I use one also.)
Verify that you can connect using manual configuration, without any certificate warnings and without any login failures.
When enabling autodiscover:
The autodiscover host name should (must) be a CNAME record which resolves to your server name, not an A record. When you resolve to an IP using an A record, the connection will be made using the IP address, and an IP address always fails certificate verification.
This autodiscover entry is created in the client domain.
The cname points to the server name
Your server is configured with a wildcard certificate in the same domain as the server name.