ServiceFabric, Healtchecks, SNI and IP SANs

I am trying to configure TLS to the backend. (kestrel, not that it should matter)
I can load my backend, I can load the cert in my kestrel env.

On a cluster node, I can verify this. via using curl with setting the host header, or by cheating with a hostfile entry and a browser. This works and my cert appears valid. Everything is awesome.

I have updated the healthcheck's hostname so that it should use the host header when querying, however it always fails complaining about no IP SANs.

Is this a defect? When will it get fixed? (since its a supported feature I think this should qualify as part of maint mode)

Does ANYONE have a working SNI based cert for traefik with backend comms?