To "fix" it, I rolled back to the previous version of Rancher, then redeployed the chart again changing back to the Rancher issued certs, followed by recalculating the CA Checksum. I didn't achieve my goal of switching to Lets Encrypt 😞 , but I guess at least I don't have crashing pods anymore.