OpenSSL
Yakov Kravtsov, 2017-11-03 18:18:12

How can I create a certificate with a Subject Alternate Name from my self-signed root certificate?

Good afternoon!
I've been trying to create a bundle for a day now: my self-signed root certificate + a certain number of certificates signed by this CA (at the same time, each certificate must have the Subject Alternate Name property filled in).
Creating a self-signed certificate with a SAN is elementary. There are plenty of one-line examples on the Internet.
Creating a self-signed certificate that will then serve as a CA is also elementary.
Then the problems begin...
1) Creating a CSR with the SAN property: I suffered for a long time, but I kind of did it.
2) Signing this CSR with the CA... This is where it gets stuck. No matter what I do, the properties disappear or errors occur during generation.
To specify the SAN, an external config is used. For example, this one (found on the Internet).

[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = req_ext
[ req_distinguished_name ]
countryName                 = Country Name (2 letter code)
stateOrProvinceName         = State or Province Name (full name)
localityName               = Locality Name (eg, city)
organizationName           = Organization Name (eg, company)
commonName                 = bestflare.com
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1   = bestflare.com
DNS.2   = usefulread.com
DNS.3   = chandank.com

CSR turned out like this

How can I sign this CSR with my CA without losing properties?

1 answer(s)
Keffer, 2018-07-12
@Keffer

And what errors do you get when signing?
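The properties disappear because `openssl x509 -req` does not carry extensions over from the CSR by default; the signing step has to name them itself with `-extfile` and `-extensions`. The sketch below is an added example, not part of the thread: it signs the same CSR both ways with a throwaway CA, and the file names, the `Demo Root CA` subject and the `[ v3_ca ]` section are assumptions.

```shell
# Added example. $1 is a scratch directory; all keys and certificates are constructed, throwaway data.
make_demo_pki() {
    # Config modelled on the one in the question; [ v3_ca ] is an added section for the root.
    cat > "$1/san.cnf" <<'EOF'
[ req ]
distinguished_name = req_distinguished_name
req_extensions     = req_ext
[ req_distinguished_name ]
commonName = Common Name
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = bestflare.com
DNS.2 = usefulread.com
DNS.3 = chandank.com
[ v3_ca ]
basicConstraints = critical, CA:TRUE
EOF
    # 1. Self-signed root CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/san.cnf" \
        -extensions v3_ca -subj "/CN=Demo Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    # 2. Server key and CSR; req_extensions puts the SAN list into the request.
    openssl req -new -newkey rsa:2048 -nodes -config "$1/san.cnf" \
        -subj "/CN=bestflare.com" \
        -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null &&
    # 3a. Signing with no extension file: the SAN requested in the CSR is not issued.
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/lost.crt" 2>/dev/null &&
    # 3b. Signing with the CA naming the extensions itself: the SAN is issued.
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -extfile "$1/san.cnf" -extensions req_ext \
        -out "$1/kept.crt" 2>/dev/null
}

# Succeeds if certificate $1 lists DNS name $2 in its subjectAltName.
has_san() {
    openssl x509 -in "$1" -noout -text | grep -q -F "DNS:$2"
}
```

Supplying the SAN list on the CA side means the CA decides which names it vouches for. OpenSSL 3.0 and later also accept `-copy_extensions copy` on `x509 -req`, which issues whatever the requester put in the CSR, so review the request before using it.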
