Cert validation error when using Service Fabric configuration provider

Originally, I used the following backends:

[backends]
  [backends.api]
    [backends.api.servers.endpoint]
    url = "https://Api:11443"

The DNS name Api resolves to several web servers, and those servers are signed with a self signed cert. Now, we're switching over to the Service Fabric provider. This provider automatically configures the backend pool:

image

So, now Traefik knows all the IP addresses of the VMs running that service and doesn't need DNS. The problem is, those servers use an SSL cert signed for "Api", not the IP address. We we make a request, we get the error:

DEBU[2019-09-27T20:22:07-07:00] '500 Internal Server Error' caused by: x509: cannot validate certificate for 10.111.12.8 because it doesn't contain any IP SANs

Is there any way around this, or can we disable the cert validation while still validating the root CA and using HTTPS? Here's my Traefik config:

debug = true
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":81"

[api]
entrypoint="dashboard"

[entryPoints.dashboard]
  address = ":8443"

[serviceFabric]

clusterManagementUrl = "https://localhost:19080"
apiVersion = "3.0"
refreshSeconds = 10

[serviceFabric.tls]
  cert = "C:/Users/rdpadmin/TraefikTest/sf.crt"
  key = "C:/Users/rdpadmin/TraefikTest/sf.key"
  insecureSkipVerify = true

[tls.options]
  [tls.options.default]
    [tls.options.default.clientAuth]
      clientAuthType = "RequireAnyClientCert"

Ok I believe I figured this one out as well.

The insecureSkipVerify = true under the [serviceFabric.tls] is used to ignore cert validation when connecting to the local service fabric endpoint (since we're connecting to it using localhost, and not its signed host name). I need to add another insecureSkipVerify = true at the top of the file, which will indicate backend certs are not validated. The entire config file is now:

debug = true
logLevel = "DEBUG"
insecureSkipVerify = true
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":81"

[api]
entrypoint="dashboard"

[entryPoints.dashboard]
  address = ":8443"

[serviceFabric]

clusterManagementUrl = "https://localhost:19080"
apiVersion = "3.0"
refreshSeconds = 10

[serviceFabric.tls]
  cert = "C:/Users/rdpadmin/TraefikTest/sf.crt"
  key = "C:/Users/rdpadmin/TraefikTest/sf.key"
  insecureSkipVerify = true

[tls.options]
  [tls.options.default]
    [tls.options.default.clientAuth]
      clientAuthType = "RequireAnyClientCert"

If there's a better approach for this scenario, I'd love to hear it.