Creating certs for a remote private router

Hunh. I must say that this is not expected. At first I thought this was going to be straightforward and that the external IP wasn't in the cert, but when I probed it, I could see this wasn't gonna be 'easy'.

Using openssl and this command one can inspect the certificate that is being returned:

openssl s_client -connect 144.24.198.122:6262 -showcerts </dev/null | openssl x509 -noout -text

When I did that, I could see that it is returning DNS/IP entries that 'seem' OK, but I think there's a bug in the quickstart. When we tell you to set the external DNS to the external IP, it looks like the certificates that get generated by the controller will have entries for both the DNS name and the IP. Let me show you what I mean; here's what your server is returning (using that command above; I added line-wrapping in this post to make it more legible):

            X509v3 Subject Alternative Name:
                DNS:instance-20220723-2134, DNS:localhost, 
                DNS:instance-20220723-2134, DNS:144.24.198.122, DNS:144.24.198.122, 
                IP Address:127.0.0.1, IP Address:144.24.198.122, 
                IP Address:144.24.198.122

See how the SANs have DNS:144.24.198.122 and also have IP Address:144.24.198.122? I expect that the DNS is overriding the IP and this is what is causing the problem.

The easiest way to fix this will probably be to regenerate the server certificate, update the config, and restart the controller. I actually just covered this recently with markamind over here. I think if you follow those instructions and get a "clean" server certificate where the SANs don't report an IP in the DNS section, it should work. I also think those steps are pretty clear, but if not, post back. We'll get this going, I'm sure of it! :slight_smile:
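Added example, not part of the original post or of the OpenZiti project: a small Python script that takes the text produced by `openssl x509 -text`, pulls out the Subject Alternative Name extension, and reports any IP literal that has been placed in a DNS entry, plus duplicated entries, so you can confirm a regenerated server certificate is "clean" before restarting the controller. The SAN block embedded below is a constructed sample modelled on the one quoted above; the `audit_san` and `extract_san_block` function names are my own.

```python
"""Audit the SAN extension in `openssl x509 -text` output for IP literals in DNS entries."""
import ipaddress
import re
import sys

# Constructed sample, modelled on the SAN block quoted in the post above.
SAMPLE_TEXT = """\
            X509v3 Subject Alternative Name:
                DNS:instance-20220723-2134, DNS:localhost,
                DNS:instance-20220723-2134, DNS:144.24.198.122, DNS:144.24.198.122,
                IP Address:127.0.0.1, IP Address:144.24.198.122,
                IP Address:144.24.198.122
            X509v3 Basic Constraints:
                CA:FALSE
"""

# Constructed sample of what a regenerated, "clean" certificate should look like.
CLEAN_TEXT = """\
            X509v3 Subject Alternative Name:
                DNS:instance-20220723-2134, DNS:localhost,
                IP Address:127.0.0.1, IP Address:144.24.198.122
            X509v3 Basic Constraints:
                CA:FALSE
"""

SAN_HEADER = "X509v3 Subject Alternative Name:"
# One SAN entry as openssl prints it: "<type>:<value>", entries separated by ", ".
ENTRY_RE = re.compile(r"(DNS|IP Address|email|URI):([^,\s]+)")


def extract_san_block(text):
    """Return the SAN entries (joined into one string) from `openssl x509 -text` output."""
    collected = []
    in_san = False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith(SAN_HEADER):
            in_san = True
            continue
        if in_san:
            # The first line that carries no SAN entry (next extension header,
            # blank line, signature block) ends the extension.
            if not ENTRY_RE.search(stripped):
                break
            collected.append(stripped)
    return " ".join(collected)


def is_ip_literal(value):
    """True if `value` parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def _duplicates(values):
    return sorted({v for v in values if values.count(v) > 1})


def audit_san(text):
    """Classify SAN entries; flag IP literals found under DNS and repeated entries."""
    dns, ips = [], []
    for kind, value in ENTRY_RE.findall(extract_san_block(text)):
        if kind == "DNS":
            dns.append(value)
        elif kind == "IP Address":
            ips.append(value)
    ip_in_dns = sorted({v for v in dns if is_ip_literal(v)})
    return {
        "dns": dns,
        "ip": ips,
        "ip_in_dns": ip_in_dns,
        "duplicate_dns": _duplicates(dns),
        "duplicate_ip": _duplicates(ips),
        "clean": not ip_in_dns,
    }


def main():
    # Pipe `openssl s_client ... | openssl x509 -noout -text` into this script,
    # or run it without input to audit the constructed sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_TEXT
    result = audit_san(text)
    for key, value in result.items():
        print(f"{key}: {value}")
    if not result["clean"]:
        print("IP literal(s) present as DNS SAN entries; regenerate the certificate.")


if __name__ == "__main__":
    main()
```

Usage: `openssl s_client -connect <host>:<port> -showcerts </dev/null | openssl x509 -noout -text | python3 audit_san.py`. A certificate that reports `clean: True` and an empty `ip_in_dns` list has the SAN layout the post asks for; the duplicate lists are informational, since repeated entries are untidy but not themselves a mismatch.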
