Getting cert error talking directly to control plane nodes

I’m trying to talk directly to port 6443 on my control plane nodes and I’m getting the following error:

Unable to connect to the server: x509: certificate signed by unknown authority

To access our environment, we create SSH tunnels and then configure $HOME/.kube/config with the correct hostname (https://localhost:5555). I’m not sure if this is what’s throwing the curve ball or something else.

Anyone have any ideas?