You could add the Windows CA root/intermediate certs to the trusted cert store on the host. This is the preferred way IMO as you can just upload the certs as you did before without disabling any verification in ns8-traefik.
Export the CA certs, see also Export Root Certification Authority Certificate - Windows Server | Microsoft Learn
Save the cert(s) to /etc/pki/ca-trust/source/anchors/
(Rocky) or /usr/local/share/ca-certificates/
(Debian)
Update the trusted certs on Rocky
update-ca-trust
or Debian:
update-ca-certificates
The other methods to upload a self-signed certificate is to allow self-signed certs or disable verification completely to not need the full certificate chain.
Allow self-signed certs:
Add the certificate chain to the cert by exporting the CA certs and put them together to a cert file as explained here: Export trusted client CA certificate chain for client authentication - Azure Application Gateway | Microsoft Learn
Edit the environment file
runagent -m traefik1 nano environment
UPLOAD_CERTIFICATE_VERIFY_TYPE=selfsign
Now it should be possible to upload the self-signed-cert including the root/intermediate certs.
Disable verification: (NOT recommended)
To be able upload certs without verification and need of the full certificate chain set it to “none”.
UPLOAD_CERTIFICATE_VERIFY_TYPE=none