diff --git a/changelogs/fragments/1226-docker-sdk-tls.yml b/changelogs/fragments/1226-docker-sdk-tls.yml
new file mode 100644
index 00000000..b99599dc
--- /dev/null
+++ b/changelogs/fragments/1226-docker-sdk-tls.yml
@@ -0,0 +1,2 @@
+bugfixes:
+ - "modules and plugins using the Docker SDK for Python - do not automatically set ``tls_hostname`` when ``validate_certs=true`` for Docker SDK for Python 7.0.0+ (https://github.com/ansible-collections/community.docker/issues/1225, https://github.com/ansible-collections/community.docker/pull/1226)."
diff --git a/plugins/module_utils/_common.py b/plugins/module_utils/_common.py
index e76b8ebd..feec628e 100644
--- a/plugins/module_utils/_common.py
+++ b/plugins/module_utils/_common.py
@@ -140,25 +140,24 @@ def get_connect_params(
 if auth_data["tls_verify"]:
 # TLS with verification
- tls_config = {
+ tls_config: dict[str, t.Any] = {
 "verify": True,
- "assert_hostname": auth_data["tls_hostname"],
- "fail_function": fail_function,
 }
+ if auth_data["tls_hostname"] is not None:
+ tls_config["assert_hostname"] = auth_data["tls_hostname"]
 if auth_data["cert_path"] and auth_data["key_path"]:
 tls_config["client_cert"] = (auth_data["cert_path"], auth_data["key_path"])
 if auth_data["cacert_path"]:
 tls_config["ca_cert"] = auth_data["cacert_path"]
- result["tls"] = _get_tls_config(**tls_config)
+ result["tls"] = _get_tls_config(fail_function=fail_function, **tls_config)
 elif auth_data["tls"]:
 # TLS without verification
 tls_config = {
 "verify": False,
- "fail_function": fail_function,
 }
 if auth_data["cert_path"] and auth_data["key_path"]:
 tls_config["client_cert"] = (auth_data["cert_path"], auth_data["key_path"])
- result["tls"] = _get_tls_config(**tls_config)
+ result["tls"] = _get_tls_config(fail_function=fail_function, **tls_config)
 if auth_data.get("use_ssh_client"):
 if LooseVersion(docker_version) < LooseVersion("4.4.0"):
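Review bot: The new guard `if auth_data["tls_hostname"] is not None:` in the verified-TLS branch carries no comment saying why the key is omitted rather than passed as `None`; the reason is only in the changelog fragment. Because this line decides whether an explicit name is handed over for checking the server certificate, I would add above it `# Only pass assert_hostname when tls_hostname was set explicitly; otherwise the SDK decides which name to check.` The guard also tests `is not None` while the neighbouring `cert_path` and `cacert_path` checks use truthiness, so an empty string would still be forwarded as `assert_hostname`; whether an empty value can reach this point is not visible here. get_connect_params starts and ends outside the hunk.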
@@ -372,7 +371,8 @@ class AnsibleDockerClientBase(Client):
 ),
 }
- update_tls_hostname(result)
+ if LooseVersion(docker_version) < LooseVersion("7.0.0b1"):
+ update_tls_hostname(result)
 return result
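Review bot: The cut-off `LooseVersion("7.0.0b1")` in front of `update_tls_hostname(result)` is a bare literal with no explanation, and the choice of a pre-release boundary rather than `7.0.0` looks deliberate but is not stated. I would put a comment on the condition, for example `# Docker SDK for Python 7.0.0+: do not derive tls_hostname automatically (issue 1225)`. Since this gate changes which name, if any, is supplied for certificate checking when `validate_certs=true`, a test on each side of the version boundary with `tls_hostname` left unset would be worth adding. The enclosing method starts outside the hunk, so other callers of `update_tls_hostname` cannot be checked from here.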