The web has never coherently dealt with the trailing dot issue. Roughly the only standard that makes a clear requirement is for TLS PKIX certificates, which cannot have a trailing dot. So to avoid certificate matching bugs it’s best to redirect a trailing-dot domain to a no-trailing-dot domain. Sadly web servers do not make this easy, and traditionally they encourage configurations that do unpredictably wrong things with requests that have trailing-dot domains. It sucks.