OK, so what happens is that because of device connecting to hostnameA, but the server responding with hostnameB, the user gets a certificate warning - duh.
In summary, there is no way around telling users they need to update the server addresses :’(
Which is what @bronson said in the first place, so I should’ve really listened