Error that SSL Cert does not belong to the domain

I get the error in Pihole every day "SSL/TLS certificate /etc/pihole/server.pem does not match domain" and its not a huge deal and I saw a post mentioning it about a month ago but no resolution. I have a domain and use custom subdomain certs for all my devices. I have the Cert assigned to Pihole.{anydomain}.com so it is not a blanket (*.anydomain.com) SSL cert. Why would I still be getting this error?

Most likely bc the domain in the browser URL doesnt match the one in the cert (Subject CN and Subject Alternative Name).
Can check with below:

sudo openssl x509 -text -noout -in /etc/pihole/server.pem

And below:

$ pihole-FTL --help
[..]
TLS X.509 certificate parser:
    Parse the given X.509 certificate and optionally check if
    it matches a given domain. If no domain is given, only a
    human-readable output string is printed.

    If no certificate file is given, the one from the config
    is used (if applicable). If --read-x509-key is used, details
    about the private key are printed as well.

    Usage: pihole-FTL --read-x509 [certfile] [domain]
    Usage: pihole-FTL --read-x509-key [certfile] [domain]

I just ran the command you posted and the dns and URL does in fact match. Error persists.

I just went through and recreated the certificates for my pihole though lets encrypt and cloudflare to make sure the dns is correct. Same issue. CERTIFICATE_DOMAIN_MISMATCH

Could you share the output of:

pihole-FTL --read-x509 | grep "ame\|on "
pihole-FTL --config webserver.domain
pihole-FTL --config webserver.tls.cert
pihole-FTL --config webserver.port

Could also inspect the cert thats presented via web with below:

openssl s_client -connect <PIHOLE_IP>:<WEB_PORT> -servername <DOMAIN_NAME> </dev/null 2>/dev/null | openssl x509 -noout -text

Eg:

$ openssl s_client -connect 10.0.0.5:443 -servername pi.hole </dev/null 2>/dev/null | openssl x509 -noout -text
[..]
        Subject: CN = pi.hole
[..]
            X509v3 Subject Alternative Name:
                DNS:pi.hole

I am sorry for the delay in response. I ran all the coomands you asked for, but how do I safely post that here. It has all my domain info and keys listed.

I only suggested to inspect the domain(s) in the offered web cert (Subject common name & SAN).
I did not expect you to post the full output.

For above two, just do like you did before:

Are you running Pi-hole with a public accessible domain?

It is not publically accessable. I have my domain through cloudflare and I have a certificate manager that talks to cloudflare to keep my certs updated. My domain is just locally to my internal network.