You need to add sip.<domain> because it is your SIP domain in your topology.
The following picture shows the DNS and certificate requirements for your reference:
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.