Rancher cert questions

Hey So I asked this question some time ago, but I kinda want to know if its possible.

So current problem.

We have a rancher cluster on our servers 3 nodes for rancher 3 nodes for a production cluster

We don’t want our rancher cluster to be accessible to the outside world but the managed production cluster to be exposed. We also need signed certs for production. Looking into rancher lets encrypt it says that the load balancer has to be exposed so I run into this problem.

Let’s say Loadbalancer is on It points to for the rancher cluster.

And let’s say that inside the router we route the dns name of rancher.test.com to
And outside the router, we have a public dns of app.production.com to
So I understand that it is okay to have the app.production.com to because it can be accessed from outside. but what about the rancher server on rancher.test.com? How can I make it just use self-signed certs? Is this even possible? Or Am I just crazy cause I would like to know!
Thanks in advance!