AH01906 is currently issues for self-signed certificates that have the isCA=true BasicConstraint, as created by some basic openssl req x509... commands. It seems like these could be suppressed for self-signed certs.