Apple products have recently started enforcing stricter requirements, even on self-signed certificates. I would recommend trying https://github.com/FiloSottile/mkcert to create your self-signed certificate and see if that works.
RSA min 2048 + SHA256.
The DNS name must be in the SAN-list, not only in the CN.
And two newer limitations:
TLS server certificates must contain an ExtendedKeyUsage (EKU) extension containing the id-kp-serverAuth OID.
TLS server certificates must have a validity period of 825 days or fewer (as expressed in the NotBefore and NotAfter fields of the certificate).