I'm not entirely sure. I've had plenty of cert issues, especially with Rancher and Harvester integration. It would be nice if they exposed cert-manager (at least Let's Encrypt options) in the UI for Harvester, but I don't think that is possible for Rancher due to the numerous ways Rancher Manager can be installed.
I don't /think/ that's your problem (I often see errors related to certs that are self-signed), but if it's a 403, that means the server got the request and possibly even understood it but is actively denying it for some reason. Could be due to the cert or some other authorization it expects (IP blacklisting, something higher up in the OSI layers, expected a token of some type... dunno).
Sorry I can't be of more help.