What is the use of the

tls-rancher-internal-ca

secret and the

/cacerts

endpoint? I have noticed when using Rancher with a private CA, this secret has a "dynamiclistener" Rancher-generated secret, instead of the user provided TLS CA + Key. This can cause an issue if you're using RKE2, since the RKE2 provisioning jobs will check the

/cacerts

endpoint, get the invalid CA, and fail. Manually updating the

tls-rancher-internal-ca

secret will fix this issue if you're using private CA as a workaround. Any thoughts? Thanks. FYI I am using Rancher 2.6.8, with the Rancher helm chart.