Are none of EFNet's servers properly SSL certified?

As far as I can tell, the EFNet servers that support SSL all use their own self-signed certificates, some of which expired a few years ago.

Or are you only including networks with a proper maintained DNS round robin that reliably connects to an SSL capable server on a predictable port, using a common network-name domain name for each server?

All networks are included in the servers list.

However, networks that use valid SSL certficates, ie. signed by a recognized certificate authority such as Let's Encrypt, match the hostnames in the certificate, have not expired, and so on (basically, what you would expect of a valid SSL certificate), have had their ports changed from 6667 to +6697 in the servers list. There are currently forty such networks.

For example, DALnet recently added SSL support to their network via their round-robin irc.dal.net, using Let's Encrypt certificates that match all of the hostnames on their network.