Please check your message, I think the forum software ate some of the hostnames in < >
TLS is host name dependend, so the DHM created hosts that have another fqdn (or just shortname?) so a host with another hostname is supposed to fail as “host.company.io” is not the same as “host”
I suppose, you don’t really want the duplicate hosts anyway, so my suggestion would be: don’t worry about TLS not working on the second/duplicate host, get rid of the duplicate host.
=> The piggyback mechanism has some documentation about renaming the incoming piggyback data so that it matches your existing hosts.