Hm, can you clarify what makes you think this to be true? I'm not doubting you, but I'd love your help reproducing your findings so I can fix it. Can you give me a command that shows this? Curl seems happy with the cert:
$ curl -I
https://Expensify.cashHTTP/2 200
date: Sun, 24 Jan 2021 21:15:07 GMT
content-type: text/html
set-cookie: __cfduid=d7b9d388659eddf76d49a3180052be5851611522907; expires=Tue, 23-Feb-21 21:15:07 GMT; path=/; domain=.expensify.cash; HttpOnly; SameSite=Lax; Secure
last-modified: Fri, 22 Jan 2021 19:48:30 GMT
x-amz-version-id: gDUIKS4512FilAV451eNAB1GKNTXSwxR
accept-ranges: bytes
x-cache: Miss from cloudfront
via: 1.1
da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront)
x-amz-cf-pop: HIO50-C1
x-amz-cf-id: eUX6h4RJEibwWOZlO9fRhI8qqXnOL-cCXKuV-NOcx87ifCjPYNWLGQ==
cf-cache-status: DYNAMIC
cf-request-id: 07d7d93449000039a2a6278000000001
expect-ct: max-age=604800, report-uri="
https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 616cc49a0c4839a2-SEA
Also, can you answer any of my questions about Signal? Thanks for your help and the fast response!