Rke etcd snapshot-save for S3 fails with Custom CA


I am trying to make use of the custom CA option for the rke-tools docker image to use when trusting our private CA certificate for S3. I want to setup recurring etcd-snapshots, but testing with the one-time etcd snapshot has shown me that the etcd-snapshot-once container is failing whenever I provide it with the custom CA to trust. Specifically, I am trying to execute this command:

rke etcd snapshot-save --config rancher-cluster.yaml --name test --s3 --folder snapshots --bucket-name rancher-bucket --s3-endpoint s3.xxx.yyy.zzz --s3-endpoint-ca ca.pem

The following is the output:

INFO[0000] Starting saving snapshot on etcd hosts
INFO[0000] [dialer] Setup tunnel for host [X.X.X.X]
INFO[0000] [dialer] Setup tunnel for host [Y.Y.Y.Y]
INFO[0000] [dialer] Setup tunnel for host [Z.Z.Z.Z]
INFO[0000] [etcd] Saving snapshot [test] on host [Z.Z.Z.Z]
INFO[0001] [etcd] Successfully started [etcd-snapshot-once] container on host [Z.Z.Z.Z]
INFO[0001] Waiting for [etcd-snapshot-once] container to exit on host [Z.Z.Z.Z]
INFO[0001] Container [etcd-snapshot-once] is still running on host [Z.Z.Z.Z]
INFO[0002] Waiting for [etcd-snapshot-once] container to exit on host [Z.Z.Z.Z]
FATA[0002] Failed to take one-time snapshot, exit code [1]:

I am using rke:v0.2.7 and rancher v2.2.6.

I have tried providing the CA certificate as a base64 encoded string but the command results in an error saying:

WARN[0000] Failed to read s3-endpoint-ca [${base64 encoded cert}]: failed to read certificate [${base64 encoded cert}]: open [${base64 encoded cert}]: file name too long

Can someone please tell me how I should be providing the value for the flag: --s3-endpoint-ca, and maybe any other useful information on the format of the CA certificate that I need to pass in? Perhaps I need to remove all the line breaks or something likewise?

Appreciate all the help,