The K2D_ADVERTISE_ADDR currently accepts a single option to sign the certificate. It would be useful to be able to sign alternative names or IP addresses for certificates to be trusted based on IP addresses or aliases.

For example, I would like to be able to use the hostname of the machine, IP address for the LAN, and IP address and hostname from my tailscale network.