I have a server which is publicly available (ie myservername.mydomain.com). This server hosts virtual machine which is not accessible from the outside, only from the server itself and its name is say, myapi.mydomain.com. NGINX is on both, and myservername redirects traffic to myapi. Certbot certificates are all generated on myserver (for both myservername and myapi).
When using from web browser, everything is fine; but I have a need to consume some REST services from myapi using POCO C++, which constantly fails to verify myapi’s signature. After some research I find out that problem is in certificate’s CN: I always get CN for myservername alhtough URL targets myapi.
My question is: did I generate certificate properly for this scenario? I may try to add separate DNS record for the VM with different IP, but not sure will this work.