diff --git a/scripts/setup/generate-self-signed-cert b/scripts/setup/generate-self-signed-cert
index f2d1a1fffa..071679850d 100755
--- a/scripts/setup/generate-self-signed-cert
+++ b/scripts/setup/generate-self-signed-cert
@@ -50,6 +50,17 @@ if [ -z "$FORCE" ] && { [ -e "$KEYFILE" ] || [ -e "$CERTFILE" ]; }; then
 fi
 rm -f "$KEYFILE" "$CERTFILE"
 
+if [[ "$EXTERNAL_HOST" =~ ^(([0-9]+\.){3}[0-9]+)(:[0-9]+)?$ ]]; then
+    subjectAltName="IP:${BASH_REMATCH[1]}"  # IPv4 address
+elif [[ "$EXTERNAL_HOST" =~ ^\[([^][]*)\](:[0-9]+)?$ ]]; then
+    subjectAltName="IP:${BASH_REMATCH[1]}"  # IPv6 address
+elif [[ "$EXTERNAL_HOST" =~ ^([^:]+)(:[0-9]+)?$ ]]; then
+    subjectAltName="DNS:${BASH_REMATCH[1]}"
+else
+    echo "$0: invalid host $EXTERNAL_HOST" >&2
+    exit 1
+fi
+
 config="$(mktemp)" || exit 1
 trap 'rm -f "$config"' EXIT
 
@@ -72,7 +83,7 @@ commonName          = $EXTERNAL_HOST
 
 [ v3_req ]
 basicConstraints    = CA:FALSE
-subjectAltName      = DNS:$EXTERNAL_HOST
+subjectAltName      = $subjectAltName
 EOF
 
 if [ "$is_redhat" = true ]; then
diff --git a/tools/ci/success-http-headers-bionic.txt b/tools/ci/success-http-headers-bionic.txt
index d9961e307d..20c863ed5b 100644
--- a/tools/ci/success-http-headers-bionic.txt
+++ b/tools/ci/success-http-headers-bionic.txt
@@ -1,6 +1,5 @@
   Self-signed certificate encountered.
-WARNING: no certificate subject alternative name matches
-	requested host name ‘localhost’.
+    WARNING: certificate common name ‘127.0.0.1’ doesn't match requested host name ‘localhost’.
   HTTP/1.1 302 Found
   Server: nginx/1.14.0 (Ubuntu)
   Content-Type: text/html; charset=utf-8
diff --git a/tools/ci/success-http-headers-focal.txt b/tools/ci/success-http-headers-focal.txt
index ac28296c68..63d6e0b230 100644
--- a/tools/ci/success-http-headers-focal.txt
+++ b/tools/ci/success-http-headers-focal.txt
@@ -1,6 +1,5 @@
   Self-signed certificate encountered.
-WARNING: no certificate subject alternative name matches
-	requested host name ‘localhost’.
+    WARNING: certificate common name ‘127.0.0.1’ doesn't match requested host name ‘localhost’.
   HTTP/1.1 302 Found
   Server: nginx/1.17.10 (Ubuntu)
   Content-Type: text/html; charset=utf-8