TIL that CNs are not used for hostname validation in TLS certificates (anymore)
A TLS certificate requires the hostname to be in the Subject Alternative Names (SAN) for hostname validation. It is not sufficient to just have the hostname in the certificate's Common Name (CN).
Only check DNS domain names via the subjectAltName extension designed for that purpose: dNSName.
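The effect can be seen with Go's standard library, where `x509.Certificate.VerifyHostname` in current Go releases matches only against SAN entries. The following is an added example, not part of the original note; the hostnames and the self-signed certificates it generates are constructed test data, and `makeCert` and `hostMatches` are hypothetical helper names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// makeCert returns a parsed self-signed certificate with the given CN and
// SAN dNSName entries (constructed test data, not a real certificate).
func makeCert(cn string, dnsNames []string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn}, // CN only, informational
		DNSNames:     dnsNames,                  // becomes subjectAltName dNSName
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// hostMatches reports whether host validates against a cert built from cn and dnsNames.
func hostMatches(cn string, dnsNames []string, host string) bool {
	cert, err := makeCert(cn, dnsNames)
	if err != nil {
		panic(err)
	}
	return cert.VerifyHostname(host) == nil
}

func main() {
	const h = "app.example.test" // constructed hostname
	fmt.Println("CN only:          ", hostMatches(h, nil, h))
	fmt.Println("CN and SAN:       ", hostMatches(h, []string{h}, h))
	fmt.Println("SAN differs to CN:", hostMatches(h, []string{"other.example.test"}, h))
}
```

Only the second case validates: a matching CN neither substitutes for a missing SAN nor overrides a SAN that lists a different name.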