SSL Certificate Pinning not working anymore on Android 9
I just had the same issue. According to the Android 9 Change-Log this is expected for certificates without SAN:
RFC 2818 describes two methods to match a domain name against a certificate—using the available names within the subjectAltName (SAN) extension, or in the absence of a SAN extension, falling back to the commonName (CN).
However, the fallback to the CN was deprecated in RFC 2818. For this reason, Android no longer falls back to using the CN. To verify a hostname, the server must present a certificate with a matching SAN. Certificates that don't contain a SAN matching the hostname are no longer trusted.
Source: Hostname verification using a certificate