Different SSL certs being delivered to different platforms
This is due to Apple being one of the (earliest?) vendors enforcing full compliance with RFC 1035 which only allows letters, digits, and hyphens for domain names. The CA/Browser Forum has sunset underscores since 2019, but the CAs can't prevent you from using underscore in wildcard cert, and it seems that browser makers still allow the domain to be validated, except Apple.
Since iOS 14 and probably Big Sur, Safari won't send SNI for domains with an underscore, which is why you get the default cert. Unfortunately, while in Big Sur other browsers seems to use their own TLS library, it appears in iOS all browsers are required to use the built-in library.
If you only have a single domain with an underscore in its name, a probable (I'm not sure if the iOS will actually validate the cert, it works on desktop Safari) workaround will be using the cert for that domain as your default cert. Otherwise, you're forced to change all of those domains using underscores.