ipsec ikev2 certificate issue

I’m having some issues building site to site ipsec. The tunnel uses certificate authentication, and the certificate is a self-signed certificate generated by routeros. When my id type and remote id type are selected as auto on both ends, the tunnel can be successfully established, but when I select fqdn or other options, an error message “peer’s ID does not match certificate” is displayed. The certificates on both sides have not changed during this period.
The reason I chose to change the id type is to assign different mode configs to different sites.
I want to know what content should be added to my certificate to meet the requirements, such as using fqdn as an example.
If you need more information, please leave a message, thank you very much!

I found the same issue in this post http://forum.mikrotik.com/t/ipsec-not-working/142182/1 but it didn’t give what the certificate needed to be adjusted. For everyone to better understand the issue.

The problem was solved in another way. In fact, different mode configs can be assigned to different connectors of the same peer through different certificates. It’s just that the certificate needs to be newly created from the CA. I previously signed two server and client certificates under the same CA, which is wrong.
Although I am also curious about how to deal with the verification relationship between the certificate and the fqdn. But because the problem has been solved, I will no longer pay attention to this issue, and share the solution here for others with similar needs.