You may need the -addext
flag.
For example:
openssl req -new -key certs/foo-bar.pem \
-subj "/CN=foobar.mydomain.svc" \
-addext "subjectAltName = DNS:foobar.mydomain.svc" \
-out certs/foo-bar.csr \
-config certs/foo-bar_config.txt
Got the answer from here: https://security.stackexchange.com/questions/74345/provide-subjectaltname-to-openssl-directly-on-the-command-line