Zabbix 7.4.8 significant behaviour change for HTTPS-based checks


      Steps to reproduce:

      With the upgrade from Zabbix 7.4.7 to 7.4.8, a lot of HTTPS-based checks that worked before started to fail. Affected are:

      • simple check net.tcp.service[https,1.2.3.4,443] (address given as IP; port number is irrelevant for the behaviour)
      • script items that talk to HTTPS-based APIs, e.g. the official HPE Primera by HTTP template; "Get Data" item.

      Result:

      Checks run into a timeout and fail, though the contacted HTTPS services are verifiably reachable.

      Expected:

      Communication works as in previous versions.

      Workaround / suspected reason for changed behaviour:

      If the IP address used for the item is replaced with the correct FQDN, the items start working again. (Both simple and script items show this behaviour.) 

      I suspect that the SSL connect routine in 7.4.8 has started to check whether the connection address matches the SSL certificate supplied at the destination. Apparently this also fails even if the target supplies an SSL certificate with the IP as a SAN.

      Suggestion:

      Please revert to the old behaviour. For monitoring purposes it is not adequate to be picky about the SSL certificate; it is usually more important to get monitoring data from the target. For this reason I most often use the IP address instead of the FQDN as connection address in order not to have to rely on DNS working for checks of important components (like, for example, my HPE Primera storages...)

       

            Assignee:
            Zabbix Support Team
            Reporter:
            Norbert Püschel
            Votes:
            2
            Watchers:
            4
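
The kind of address-versus-certificate check the report suspects can be examined offline. This is an added example, not Zabbix code and not part of the original report: it applies RFC 2818-style matching to a certificate in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`. The sample certificates, host name and addresses are constructed, and the page does not confirm that Zabbix 7.4.8 applies this rule.

```python
import ipaddress

# Constructed samples in the dict shape returned by ssl.SSLSocket.getpeercert().
# The second one lists the IP only as a dNSName entry, a common issuance mistake.
CERT_IP_SAN = {"subjectAltName": (("DNS", "storage.example.com"), ("IP Address", "192.0.2.10"))}
CERT_IP_AS_DNS = {"subjectAltName": (("DNS", "storage.example.com"), ("DNS", "192.0.2.10"))}


def _as_ip(value):
    """Parse an IPv4/IPv6 literal; return None when the value is a host name."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def _dns_match(pattern, host):
    """Compare a dNSName entry to a host name; '*' may only stand for the leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def address_matches_cert(address, cert):
    """Return (matched, reason) for a connection address against the cert's SAN list."""
    sans = cert.get("subjectAltName", ())
    ip = _as_ip(address)
    if ip is not None:
        # An IP connection address is compared only with iPAddress entries (RFC 2818).
        for kind, value in sans:
            if kind == "IP Address" and _as_ip(value) == ip:
                return True, "iPAddress SAN matches"
        if any(kind == "DNS" and value == address for kind, value in sans):
            return False, "IP present only as dNSName SAN; not used for IP matching"
        return False, "no iPAddress SAN for this address"
    for kind, value in sans:
        if kind == "DNS" and _dns_match(value, address):
            return True, "dNSName SAN matches"
    return False, "no dNSName SAN for this name"
```

Feeding it the output of `getpeercert()` from a verified connection to the monitored target shows whether the IP is carried as an iPAddress entry or only as a dNSName entry.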
