Is it a good design practice to implement a separate webserver for readiness and liveness probes?

Most of my application processes consist of web servers serving application-specific traffic.
Applications are expected to be deployed with the best possible security measures. For example, mutual TLS encryption over the wire is always enabled and always expects valid TLS certificates.

With HTTPS, there is no possibility to configure TLS certs per HTTP endpoint (like /ready and /live).

K8S as part of HTTP-based health checks doesn’t provide a client certificate to the application (TLS Server) and ignores the TLS Server certificate.

Is it correct to expect a separate HTTPS web server for liveness and readiness checks? In this case, the webserver shouldn’t expect a valid TLS client certificate and also works with no client certificate.
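
The two-listener layout described in the question, sketched in Go as an added example that is not part of the original post: the application port requires a verified client certificate, while a second HTTPS port serves only /live and /ready without requesting one. The ports, file names and function names are assumptions.

```go
package main
import (
	"crypto/tls"
	"crypto/x509"
	"log"
	"net/http"
	"os"
	"sync/atomic"
)

// appTLS: application listener, client certificate must chain to clientCAs.
func appTLS(cert tls.Certificate, clientCAs *x509.CertPool) *tls.Config {
	return &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12,
		ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: clientCAs}
}

// probeTLS: probe listener, same server certificate, no client certificate requested.
func probeTLS(cert tls.Certificate) *tls.Config {
	return &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}
}

// probeHandler serves only /live and /ready; any other path is a 404, so no
// application route is reachable on the port that skips client authentication.
func probeHandler(ready *atomic.Bool) http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/live", func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	mux.HandleFunc("/ready", func(w http.ResponseWriter, _ *http.Request) {
		if !ready.Load() {
			w.WriteHeader(http.StatusServiceUnavailable)
			return
		}
		w.WriteHeader(http.StatusOK)
	})
	return mux
}

func main() { // assumed file names and ports
	cert, err := tls.LoadX509KeyPair("server.crt", "server.key")
	caPEM, caErr := os.ReadFile("client-ca.pem")
	pool := x509.NewCertPool()
	if err != nil || caErr != nil || !pool.AppendCertsFromPEM(caPEM) {
		log.Fatal("cannot load server key pair or client CA bundle")
	}
	var ready atomic.Bool
	probe := &http.Server{Addr: ":8444", TLSConfig: probeTLS(cert), Handler: probeHandler(&ready)}
	go func() { log.Fatal(probe.ListenAndServeTLS("", "")) }()
	app := &http.Server{Addr: ":8443", TLSConfig: appTLS(cert, pool), Handler: http.NotFoundHandler()}
	ready.Store(true) // a real service sets this once its own startup checks pass
	log.Fatal(app.ListenAndServeTLS("", ""))
}
```

In the pod spec, the httpGet probes would point at the probe port with `scheme: HTTPS`, and `http.NotFoundHandler()` stands in for the application's own handler.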