Solved - Certificate error in logs

I have rancher 2.2.4 in HA…
When I first installed rancher, it had self-signed cert, with this command:

helm install rancher-latest/rancher \
  --name rancher \
  --namespace cattle-system \
  --set hostname=rancher.my.org

After few weeks, did helm upgrade rancher, and using real certificate:

helm repo add rancher-stable https://releases.rancher.com/server-charts/stable

helm upgrade rancher rancher-stable/rancher \
  --namespace cattle-system \
  --set hostname=rancher.my.org \
  --set ingress.tls.source=secret \
  --set privateCA=true

kubectl -n cattle-system delete secret tls-rancher-ingress

kubectl -n cattle-system create secret tls tls-rancher-ingress --cert=tls.crt --key=tls.key

kubectl -n cattle-system create secret generic tls-ca --from-file=cacerts.pem

After this point, my custom cluster took several minutes, but it came back.
However, I am now seeing these:

time="2019-07-01T14:21:16Z" level=info msg="Connecting to wss://rancher.my.org/v3/connect with token <my_token>"
time="2019-07-01T14:21:16Z" level=info msg="Connecting to proxy" url="wss://rancher.my.org/v3/connect"
time="2019-07-01T14:21:16Z" level=error msg="Failed to connect to proxy" error="x509: certificate signed by unknown authority"
time="2019-07-01T14:21:16Z" level=error msg="Failed to connect to proxy" error="x509: certificate signed by unknown authority"

I am trying to figure out what is causing this and how can I resolve it?

Thank you!

I’m not 100% sure if this will work, but you could try deleting the cluster-agent pod. That would cause it to get recreated and it then might have the correct ca cert.

Thanks for reply!
Have a stupid question, but want to confirm.
Do I delete cluster-agent pod running on one of the three nodes of rancher-cluster or cluster-agent pod running on custom cluster?

Ended up rebuilding the whole environment, and now the errors are gone.