Cert is valid for not


I installed Vault and Consul with their certs (Running Vault and Consul on Kubernetes | TestDriven.io), which all works great, but there is a problem getting metrics from Vault when HTTPS is enabled!

Namely, I want to scrape Vault's endpoint (v1/sys/metrics) to get some values, but I constantly get the error from Prometheus that the “cert is valid for not”. The endpoint works when I try to curl it from Vault itself (it works with 172.0.01), but when I try to scrape that endpoint from outside I get the mentioned error.

So, in theory this should work if I set the IP of the Vault server in the SAN of the cert, but what happens when the IP of the Vault pod changes? I’m open to any suggestions.
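
The check behind this error, as an added example that is not part of the original post: a TLS client compares the address it dialed against the certificate's SAN entries, so an IP target only matches an IP SAN while a DNS name matches a DNS SAN no matter which pod IP it resolves to. The SAN list, the service names and the pod IP below are constructed for illustration, and the matcher is a simplified sketch of the rule, not Prometheus's or Vault's own code.

```python
import ipaddress

# Constructed SAN list (assumption, not taken from the post's certificate).
CERT_SANS = {
    "dns": ["vault", "vault.vault.svc", "*.vault-internal"],
    "ip": ["127.0.0.1"],
}


def _is_ip(target):
    """True when the scrape target is an IP literal rather than a name."""
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return False


def _dns_match(pattern, host):
    """Case-insensitive label match; '*' may only replace the left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 1 and h[0] != "" and p[1:] == h[1:]
    return p == h


def san_matches(target, sans):
    """IP targets are checked only against IP SANs, names only against DNS SANs."""
    if _is_ip(target):
        t = ipaddress.ip_address(target)
        return any(ipaddress.ip_address(i) == t for i in sans.get("ip", []))
    return any(_dns_match(d, target) for d in sans.get("dns", []))


def explain(targets, sans):
    """Map each scrape target to whether certificate verification would pass."""
    return {t: san_matches(t, sans) for t in targets}


if __name__ == "__main__":
    # 10.42.0.17 stands in for a pod IP that changes on every reschedule.
    targets = ["127.0.0.1", "10.42.0.17", "vault.vault.svc", "vault-0.vault-internal"]
    for target, ok in explain(targets, CERT_SANS).items():
        print(f"{target:28} {'verifies' if ok else 'rejected: not in SAN'}")
```

Scraping by a stable service name that is listed as a DNS SAN keeps verification independent of the pod's current IP.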