Hi. We set up an HA Teleport cluster (v4.0.4) in AWS following your Terraform guide. We have 2 proxies and 2 auth servers, are using Let's Encrypt certs, and have an internet-facing NLB for the proxies and an internal NLB for the auth servers. Ports 443, 3023, 3024 and 3080 are open on the proxy and port 3025 on the auth server.
We have been able to add nodes to the cluster as long as they can reach the auth server on its internal IP, but when we try to do this with a server external to the cluster using node tunnelling we have issues.
The node tries to connect but on the proxy we see the error:
TLS handshake error from public_ip:55388: remote error: tls: bad certificate
and on the node itself we see:
Node failed to establish connection to cluster: ssh: handshake failed: no matching keys found. service/connect.go:65
The configs for the node and the proxy are below. I assume we have something incorrectly set under the proxy_service config on the proxies, but could someone please advise?
Also of note, we are using Cloudflare for external DNS, which also provides a cert. Not sure if this could cause an issue?
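One way to answer the Cloudflare question from the outside is to look at which CA actually issued the certificate served on each proxy port a tunnelling node may connect to, since a Cloudflare-issued certificate on that path would differ from the Let's Encrypt one the proxy holds. The script below is an added diagnostic, not part of the original post or of Teleport; it assumes `openssl` is installed, and `proxy.example.com` and the port list are placeholders.

```shell
#!/bin/sh
# Added diagnostic (not from the original post): report the issuer of the TLS
# certificate actually served on each proxy port, so a Cloudflare-issued cert on
# the path a node uses can be told apart from the expected Let's Encrypt one.
# Assumes openssl is installed; the hostname and ports below are placeholders.

# Classify an "issuer=..." line as printed by `openssl x509 -noout -issuer`.
# Prints one of: letsencrypt, cloudflare, other
classify_issuer() {
    case "$1" in
        *"Let's Encrypt"*) echo letsencrypt ;;
        *Cloudflare*)       echo cloudflare ;;
        *)                  echo other ;;
    esac
}

# Fetch the leaf certificate served at host:port (sending SNI for the host)
# and print its issuer line; prints nothing if no TLS handshake completes.
fetch_issuer() {
    host=$1; port=$2
    printf '' | openssl s_client -connect "$host:$port" -servername "$host" 2>/dev/null \
        | openssl x509 -noout -issuer 2>/dev/null
}

# Report the issuer for every port given, e.g. 443 and 3080 on the proxy.
report_proxy_certs() {
    host=$1; shift
    for port in "$@"; do
        issuer=$(fetch_issuer "$host" "$port")
        if [ -z "$issuer" ]; then
            echo "$host:$port  no TLS certificate served (closed, plain TCP, or not TLS)"
            continue
        fi
        echo "$host:$port  $(classify_issuer "$issuer")  ($issuer)"
    done
}

# Usage (placeholder hostname):
# report_proxy_certs proxy.example.com 443 3080
```

Run it against the public DNS name the node's config points at and compare with the result for the NLB's own DNS name; if the public name reports `cloudflare` while the NLB reports `letsencrypt`, the node is handshaking with Cloudflare's edge rather than with the Teleport proxy.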