Can anyone help me with a TLS issue I am seeing wh...
# rke2
Can anyone help me with a TLS issue I am seeing when trying to import a cluster? I have a 3-node Rancher deployment sitting behind an HAProxy LB, and after I ran the registration command I am getting an SSL error:
```
level=fatal msg="Certificate chain is not complete, please check if all needed intermediate certificates are included in the server certificate (in the correct order) and if the cacerts setting in Rancher either contains the correct CA certificate (in the case of using self signed certificates) or is empty (in the case of using a certificate signed by a recognized CA). Certificate information is displayed above. error: Get https://rancher.domain.com/: x509: certificate signed by unknown authority"
```
I have certs signed by a CA that live on the load balancer, but I think maybe when I deployed Rancher with Helm I added some unnecessary options. Here were my steps:
```bash
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
kubectl create namespace cattle-system
kubectl -n cattle-system create secret generic tls-ca --from-file=cacerts.pem=/tmp/cacerts.pem
helm install rancher rancher-stable/rancher \
  --namespace cattle-system \
  --set hostname=${rancher_hostname} \
  --set bootstrapPassword=${rancher_bootstrap_password} \
  --set ingress.tls.source=secret \
  --set tls=external \
  --set additionalTrustedCAs=true \
  --set privateCA=true \
  --set global.cattle.psp.enabled=false

/var/lib/rancher/rke2/bin/kubectl -n cattle-system create secret generic tls-ca-additional --from-file=ca-additional.pem=/tmp/cacerts.pem
```