My understanding is that the NAT loopback issue is based on the ISP’s rules rather than a router capability, but someone please correct me if I’m wrong.
The most confusing part of this is having gone through the work to have a formally signed SSL certificate (per certbot and letsencrypt) and still be told by the browser that the certificate isn’t trusted… I used this guide more or less:
I even tried importing the cert.pem into the phone as a profile, but that did nothing.