I added an IP in my subnet (10.10.64.7/24) to the default bridge, and disabled the default IP address. All works well, and I can access the web UI via http://10.10.64.7/
It works here, but only once I got DNS properly configured.
You don’t say which local DNS server you’re using, but since the only on-topic one here would be RouterOS’s built-in offering, the configuration needs to look like this:
If you add a CNAME — “sw” in the example above — use an FQDN for it, too, pointed at the canonical FQDN
Add your domain name to the DHCP server config, without which the above two rules will prevent use of hostname-only lookups.
Each self-signed cert you mint for TLS/HTTPS needs to list all possible names and IPs in the SAN field, not just the canonical FQDN. Per RFC2818, leave the common-name field blank; browsers don’t pay attention to that any more.
I’m using Windows DNS, and the DNS lookup works fine to return the IP address of the switch. The switch is configured to use the same DNS server, and can query it successfully. I know this works because the switch can do things like ping by hostname, and look for (and find) updates to RouterOS.
The problem is that the switch refuses to accept the connection if the browser uses the hostname in the URL.
This sort of error is typically caused by a host header name misconfiguration, but I see nowhere in the switch config to tell its web server what hostname it should accept. HTTPS and certs aren’t an issue, as I’m only using the default HTTP.