On LB - Lets Encrypt valid but CA root certificate is not trusted ---whhhaaaat!

Linux:
Centos 8
So fresh install of virtualmin |Webmin version|1.973|Usermin version|1.823|| — | — | — | — |
|Virtualmin version|6.15|

My setup is a little more complicated I have a pfSense firewall on a public ip that NATs to load balancer (pound) on private LAN(10.0.0.27)(ports 80, 443) which in turn routes to my virtualmin vm —>(10.0.0.38) on another port (8500). Eventually I will rysnc another server but for now its routing to one instance of virtualmin. I am able to access virtual servers once I change the ports of virtual server to 8500.
Everything works fine except when it comes to generating Let’s encrypt certs. First thing is I cannot validate a cert unless I create the /.well-known/acme-challenge/ directories first. So I do that and I get a valid cert from Let’s encrypt for my domain. Fine I can live with that. But when I check in the browser its says: This CA root certificate is not trusted. Issued by localhost.localdomain

It looks as though its using a self signed cert even though Let’s Encrypt says good to go. Any ideas how to trace this issue? BTW all of my servers and vms have FQDN. domain is: qnetworx.ca

Maybe something else worth mentioning: my virtualmin server webserv01.xxxx.xxx:10000 has a FQDN and the lets encrypt cert is working fine - no issues its only subsequent virtual servers that are crapping out for some reason. I made no changes to the configuration. All my domain names are at a registrar (name.com) so that shouldn’t be an issue either.

Check the CA cert line was added to httpd.conf. I noticed the last time I requested a certificate, webmin only added the .cert and .key lines, but not the .ca line, causing similar issues to yours…

SSLCertificateFile /home/site/ssl.cert
SSLCertificateKeyFile /home/site/ssl.key
# manually added..
SSLCACertificateFile /home/site/ssl.ca