Consul watches via http requests on management IP getting blocked

Consul watches send HTTP-API requests on management IP. But we can not add IP addresses in SSL certificates(alt_names/SAN), as a result, the API calls are getting blocked due to verification failure. Is there a way(configuration changes) to bind the consul watches API calls to hostname so that the API request performed on the hostname will be verified by SSL certificate?

PFA: Error Screenshot

For others watching this thread, this problem was determined to be a bug that is encountered when watches are defined in the Consul agent configuration and a non-localhost address is used for the -client address.

The bug is being tracked in the following GitHub issue:

1 Like