Unable to connect to the server: x509

Hi,
I have Rancher HA setup in AWS with external LB using ALB. I can access it via UI, as well as using kube_config_rancher-cluster.yml credentials generated during the rke setup. Unfortunately I am getting following error:

$ kubectl get pods --all-namespaces
Unable to connect to the server: x509: certificate signed by unknown authority

when I am trying to use credentials generated in Rancher UI.

This is my setup:

rancher-cluster.yaml:

nodes:
- address: 172.25.4.59
internal_address: 172.25.4.59
user: $USER
ssh_key_path: ~/.ssh/id_rsa
role: [controlplane,worker,etcd]
- address: 172.25.5.161
internal_address: 172.25.5.161
user: $USER
ssh_key_path: ~/.ssh/id_rsa
role: [controlplane,worker,etcd]
- address: 172.25.6.153
internal_address: 172.25.6.153
user: $USER
ssh_key_path: ~/.ssh/id_rsa
role: [controlplane,worker,etcd]services:

etcd:
snapshot: true
creation: 6h
retention: 24hingress:

provider: nginx
options:
` use-forwarded-headers: “true”``

rke up --config ./rancher-cluster.yml --ssh-agent-auth

kubectl create clusterrolebinding tiller --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
helm init --service-account tiller
kubectl -n kube-system rollout status deploy/tiller-deploy
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
helm repo update

kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.9/deploy/manifests/00-crds.yaml
kubectl create namespace cert-manager
kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install --name cert-manager --namespace cert-manager --version v0.9.1 jetstack/cert-manager

helm install rancher-stable/rancher --name rancher --namespace cattle-system --set hostname=domain.net --version v2.2.9 --set tls=external

I have read this: https://github.com/rancher/rancher/issues/15860 as well as https://github.com/rancher/rancher/issues/17155 but none of those advises worked.