Ah, resolver (not DNS) search paths. They were a really bad idea that can and do lead to leaked queries that can result in all sorts of unpleasantness and risks.

As for certs, AFAIK, you can't get a certificate for a non-fqdn from a public CA since 2015.