No, there were questions about your script and TLS server certificates. I research that more and ended up using the merlin script that another poster here had modified with the new requirements. I know the EKU flag is enabled. I inspected the new cert and compared it with the new posted Apple requirements.
I have no IoT device back on. I was gone for six weeks while my apartment was gutted and renovated, so I was on MacBook, iPhone or iPad (with VPN) on various networks traveling. About one third of my apartment items still need to be unpacked and put out. Only my AC86U, iPhone, iPad, and MacBook are in use right now.
Oh and a BT body scale and BP cuff, that communicate via wifi back to the iPhone. They are assigned static IPs so I can watch them in Skynet. They do not try to call the mothership, at least not yet.
I had them for over a month before I was displaced, and now two weeks back and never any outbound activity from their IPs.