TLS validation is provided by golang runtime system. As filebeat inherited loads of code from logstash-forwarder, it has similar requirements regarding certificates.
I would not consider not having any hostname in your certificate as secure. In this case you can try the insecure setting suppressing hostname checks. Or disable TLS altogether.
Are you using self-signed certificate or have you considered having root CAs already?