Traefik's server_cert_sans_dns has unexpected contents

[PietroPasotti]

Bug Description

TLDR: "It works on my virtual machine"

Traefik issues a CSR for "Creating CSR for darkstar.kpn with DNS ['darkstar.kpn'] and IPs [] " because Traefik.server_cert_sans_dns is returning ['darkstar.kpn'] i.e.

Supposing the app IP is "10.64.140.43"

import socket
socket.gethostbyaddr("10.64.140.43")   
('darkstar.kpn', [], ['10.64.140.43'])     

Note that darkstar is the name of my machine.

In a VM, you get

>>> socket.gethostbyaddr("10.233.117.142")
('10-233-117-142.kubernetes.default.svc.cluster.local', [], ['10.233.117.142'])

Traefik doesn't expect 'darkstar.kpn' and therefore we have a mismatch between the SANs in the certs issued to traefik by self-signed-certificates.

Note: in another case, (the VM's network was bridged to the host with e.g. --network enp1s0) we got:

>>> socket.gethostbyaddr("192.168.1.250")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
socket.herror: [Errno 1] Unknown host

To Reproduce

n/a

Environment

n/a

Relevant log output

n/a

Additional context

No response

[mmkay]

We could try setting traefik's external hostname to darkstar.kpn to see if that helps. If this is the issue, we could try to document it or detect this scenario and change the logic around it.