2022/11/11
that SAN = Subject Alternate Name. A SAN certificate is a TLS certificate that certifies multiple domain names.
see https://support.dnsimple.com/articles/what-is-ssl-san/
that AWS Certificate Manager and other free-TLS-certificate services can’t validate private domain names since ACME (Automated Certificate Management Environment) relies on public DNS or WHOIS records.
See also https://docs.aws.amazon.com/acm/latest/userguide/domain-ownership-validation.html.