X509: certificate signed by unknown authority on HCP

I’m trying to connect a consul client to my HCP Consul server and receive the following certificate error when the client tries to login.

X509: certificate signed by unknown authority on Consul client

I’m deploying on AWS ECS, with Terraform and using v0.5.1 of the mesh-task module.

I’ve been following instructions from this guide -Serverless Consul service mesh with ECS and HCP | Consul - HashiCorp Learn.

Passing the downloaded ca.pem file via secretsmanager as suggested.

Any ideas what might be the issue?

Do I need to manually install the root CA cert into the consul container image?