Should the auto-assigned Let’s Encrypt TLS certificates include the custom domains as Subject Alt Names? If not, is uploading a custom TLS certificate the only method to support TLS on custom domains with HSTS enabled?
As an example, we have a project with multiple custom domains. The root domains each have HSTS enabled via strict-transport-security HTTP headers. However, when accessing our domains via HTTPS, the TLS certificates are reported as invalid.
As a work-around, we can generate custom certificates, but I can’t help but think I must be missing a step in the process as the auto-assigned TLS certificates would be mostly useless otherwise.