on-rio domains do not work but vanity domains work

Describe the bug When running rio-demo I cannot access it with on-rio domains but I can with vanity domains

To Reproduce

Setup rio on k3s cluster with defaults
Run rio demo: run -p 80:8080 --name rio-demo https://github.com/rancher/rio-demo
Register a vanity domain: rio domains register x.y.z rio-demo
Give enough time for certs to be generated
Access vanity and on-rio domains

Expected behavior

Both vanity and rio domains would be accessible without SSL errors

Kubernetes version & type (GKE, on-prem): kubectl version

rio version v0.7.1 (d4c5f274)
k3s v1.0.0

❯ rio info
Rio Version: v0.7.1 (d4c5f274)
Rio CLI Version: v0.7.1 (d4c5f274)
Cluster Domain: a5caro.on-rio.io
Cluster Domain IPs: 185.136.235.208
System Namespace: rio-system
Wildcard certificates: a5caro.on-rio.io(true)

❯ rio inspect rio-demo
---
apiVersion: rio.cattle.io/v1
kind: Service
metadata:
  creationTimestamp: "2020-05-26T02:49:52Z"
  generateName: rio-demo-v0
  generation: 4
  name: rio-demo-v02vf4v
  namespace: default
  resourceVersion: "39140"
  selfLink: /apis/rio.cattle.io/v1/namespaces/default/services/rio-demo-v02vf4v
  uid: e3465038-e9cf-4bbb-b316-27a6ae36251e
spec:
  app: rio-demo
  build:
    branch: master
    repo: https://github.com/rancher/rio-demo
    revision: f8fab97fddc8ed5e98e45cd6373ad6feff3197f9
  image: localhost:5442/default/rio-demo-v02vf4v:f8fab
  ports:
  - port: 80
    targetPort: 8080
  replicas: 6
  version: v0
status:
  appEndpoints:
  - http://rio-demo.cv.timeworxs.com
  - https://rio-demo.cv.timeworxs.com
  - https://rio-demo-default.a5caro.on-rio.io
  - http://rio-demo-default.a5caro.on-rio.io
  buildLogToken: q8b4srmgtcwjtlklclctd6hqm7xlhmnjh4brkk49fqfhz27fk4q4jp
  computedApp: rio-demo
  computedReplicas: 6
  computedVersion: v0
  computedWeight: 10000
  conditions:
  - lastUpdateTime: "2020-05-26T02:49:55Z"
    status: "True"
    type: ServiceDeployed
  - lastUpdateTime: "2020-05-26T02:49:55Z"
    status: "True"
    type: ServiceClusterRBAC
  deploymentReady: true
  endpoints:
  - https://rio-demo-v0-default.a5caro.on-rio.io
  - http://rio-demo-v0-default.a5caro.on-rio.io
  scaleStatus:
    available: 6
  watch: true

❯ http https://rio-demo.cv.timeworxs.com
HTTP/1.1 200 OK
content-length: 29
content-type: text/plain; charset=utf-8
date: Tue, 26 May 2020 03:46:56 GMT
server: envoy
x-envoy-upstream-service-time: 107

Hi there, I'm running in Rio

❯ http https://rio-demo-default.a5caro.on-rio.io

http: error: SSLError: HTTPSConnectionPool(host='rio-demo-default.a5caro.on-rio.io', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1108)'))) while doing a GET request to URL: https://rio-demo-default.a5caro.on-rio.io/

None of the on-rio domains work, even the dashboard.

rancher / rio

on-rio domains do not work but vanity domains work #1045