dns: fqdn only needs domain string

This is from the caas days, when we had hyphenated subdomains flag

src/reverseproxy.js

@@ -119,9 +119,9 @@ function providerMatchesSync(domainObject, cert) {
 
 // note: https://tools.ietf.org/html/rfc4346#section-7.4.2 (certificate_list) requires that the
 // servers certificate appears first (and not the intermediate cert)
-function validateCertificate(subdomain, domainObject, certificate) {
+function validateCertificate(subdomain, domain, certificate) {
     assert.strictEqual(typeof subdomain, 'string');
-    assert.strictEqual(typeof domainObject, 'object');
+    assert.strictEqual(typeof domain, 'string');
     assert(certificate && typeof certificate, 'object');
 
     const { cert, key } = certificate;
@@ -131,7 +131,7 @@ function validateCertificate(subdomain, domainObject, certificate) {
     if (cert && !key) return new BoxError(BoxError.BAD_FIELD, 'missing key');
 
     // -checkhost checks for SAN or CN exclusively. SAN takes precedence and if present, ignores the CN.
-    const fqdn = dns.fqdn(subdomain, domainObject);
+    const fqdn = dns.fqdn(subdomain, domain);
 
     let result = safe.child_process.execSync(`openssl x509 -noout -checkhost "${fqdn}"`, { encoding: 'utf8', input: cert });
     if (result === null) return new BoxError(BoxError.BAD_FIELD, 'Unable to get certificate subject:' + safe.error.message);
@@ -430,7 +430,7 @@ async function writeDashboardConfig(domainObject) {
 
     debug(`writeDashboardConfig: writing admin config for ${domainObject.domain}`);
 
-    const dashboardFqdn = dns.fqdn(constants.DASHBOARD_SUBDOMAIN, domainObject);
+    const dashboardFqdn = dns.fqdn(constants.DASHBOARD_SUBDOMAIN, domainObject.domain);
     const certificatePath = await getCertificatePath(dashboardFqdn, domainObject.domain);
 
     await writeDashboardNginxConfig(dashboardFqdn, certificatePath);