Thanos certificate problem

Summary

The certificate used by the Thanos ingress doesn't cover all the FQDNs:
W0723 08:59:07.503332       7 controller.go:1455] Unexpected error validating SSL certificate "thanos/thanos-tls" for server "thanos-storegateway.sylva": x509: certificate is valid for │
│  thanos.sylva, localhost, not thanos-storegateway.sylva                                                                                                                                  │
│ W0723 08:59:07.503347       7 controller.go:1456] Validating certificate against DNS names. This will be deprecated in a future version                                                  │
│ W0723 08:59:07.503355       7 controller.go:1461] SSL certificate "thanos/thanos-tls" does not contain a Common Name or Subject Alternative Name for server "thanos-storegateway.sylva": │
│  x509: certificate is valid for thanos.sylva, localhost, not thanos-storegateway.sylva                                                                                                   │
│ W0723 08:59:07.503368       7 controller.go:1462] Using default certificate                                                                                                              │
│ W0723 08:59:07.503386       7 controller.go:1455] Unexpected error validating SSL certificate "thanos/thanos-tls" for server "thanos-receive.sylva": x509: certificate is valid for than │
│ os.sylva, localhost, not thanos-receive.sylva                                                                                                                                            │
│ W0723 08:59:07.503398       7 controller.go:1456] Validating certificate against DNS names. This will be deprecated in a future version                                                  │
│ W0723 08:59:07.503410       7 controller.go:1461] SSL certificate "thanos/thanos-tls" does not contain a Common Name or Subject Alternative Name for server "thanos-receive.sylva": x509 │
│ : certificate is valid for thanos.sylva, localhost, not thanos-receive.sylva                                                                                                             │
│ W0723 08:59:07.503422       7 controller.go:1462] Using default certificate                                                                                                              │
│ W0723 08:59:07.503446       7 controller.go:1455] Unexpected error validating SSL certificate "thanos/thanos-tls" for server "thanos-query.sylva": x509: certificate is valid for thanos │
│ .sylva, localhost, not thanos-query.sylva                                                                                                                                                │
│ W0723 08:59:07.503468       7 controller.go:1456] Validating certificate against DNS names. This will be deprecated in a future version                                                  │
│ W0723 08:59:07.503480       7 controller.go:1461] SSL certificate "thanos/thanos-tls" does not contain a Common Name or Subject Alternative Name for server "thanos-query.sylva": x509:  │
│ certificate is valid for thanos.sylva, localhost, not thanos-query.sylva
Edited Aug 13, 2025 by Thomas Morin