Thanks for informing! Won't go down the DNS rabbit hole ... sounds interesting though. Will warn about this ... 'going http for now' means any/all things done in the Moodle will record http:// in rows of DB. When finally getting tls worked out you'll have to do a S&R again.
As long as you're at it ... the www. site also needs tls ... dunno what's behind that one but any company/entity that uses 'security' in FQDN's for purpose of info or, and especially training in, should, IMHO, not only 'talk the talk' but 'walk the walk'.
Your moving forward though ... ;)