pull down to refresh

Yes your extra IPs and domains you provided in tlsextraip and tlsextradomain config entries should appear in the 'SAN' subject in the certificate. If they are not there, your app will not be able to perform the necessary SSL handshake.
You need to investigate why they are not getting picked up by lnd.
I don't use Umbrel so I do not know if they have hidden config files somewhere that overrides your manual lnd.conf entires. Maybe you can check with them Umbrel folks.
dude, thank you. you helped a lot. i've asked a question on umbrel about this because it actually looks like they ignore the lnd.conf entries when generating the cert. waiting for the reply...
btw. i ended up using voltage.cloud and it works like a charm!
reply
I did some digging, it looks like it is a known issue with Umbrel after upgrade 0.5.0.
reply
How the fuck did i miss this... Well, another argument for using voltage. Imagine being reliant on this for a production app and your certificates becoming void after a restart or update.
reply
Glad to hear it!
reply