I've seen something similar with websites setup for certificate authentication that have just stopped working for iPhone users on v18.2 or 18.3. I found another article which suggested the reason you're not seeing the cert offered for use is because the client is not negotiating again after the initial TLS handshake and therefore the server is not able to give the trusted issuers list in the TLS re-negotiate handshake - for MITM attack mitigation probably. We're testing out using the "Negotiate Client Certificate" setting in IIS to workaround this - give it a look. Disappointing that Apple make these changes/updates and they're so difficult to find out about.