AWS Load Balancer and Chart Museum issue

[moos3]

When trying to install the latest chart version with aws-load-balancer-controller.

Diagnostics:
  eks:index:Cluster$aws:eks/cluster:Cluster (eks-cluster-eksCluster)
    Cluster is ready
 
  kubernetes:helm.sh/v3:Chart$kubernetes:apps/v1:Deployment (chartmuseum/chartmuseum)
    [1/2] Waiting for app ReplicaSet be marked available
    warning: [MinimumReplicasUnavailable] Deployment does not have minimum availability.
    warning: [ProgressDeadlineExceeded] ReplicaSet "chartmuseum-78cbfc496f" has timed out progressing.
    [1/2] Waiting for app ReplicaSet be marked available (0/1 Pods available)
    warning: [Pod chartmuseum/chartmuseum-78cbfc496f-8r9kt]: containers with unready status: [chartmuseum]
 
  kubernetes:helm.sh/v3:Chart$kubernetes:core/v1:Service (chartmuseum/chartmuseum)
    [1/3] Finding Pods to direct traffic to
 
  kubernetes:helm.sh/v3:Chart$kubernetes:networking.k8s.io/v1:Ingress (chartmuseum/chartmuseum)
    Retry #0; creation failed: Internal error occurred: failed calling webhook "vingress.elbv2.k8s.aws": failed to call webhook: Post "https://aws-load-balancer-webhook-service.aws-lb-controller-ns.svc:443/validate-networking-v1-ingress?timeout=10s": x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "aws-load-balancer-controller-ca")
    error: resource chartmuseum/chartmuseum was not successfully created by the Kubernetes API server : Internal error occurred: failed calling webhook "vingress.elbv2.k8s.aws": failed to call webhook: Post "https://aws-load-balancer-webhook-service.aws-lb-controller-ns.svc:443/validate-networking-v1-ingress?timeout=10s": x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "aws-load-balancer-controller-ca")

chartMuseum = Chart(
    'chartmuseum',
    ChartOpts(
        chart="chartmuseum",
        version="3.9.3",
        fetch_opts=FetchOpts(
            repo="https://chartmuseum.github.io/charts"
        ),
        namespace=name,
        values={
            "ingress": {
                "enabled": True,
                "ingressClassName": "alb",
                "pathType": "ImplementationSpecific",
                "annotations": {
                    "alb.ingress.kubernetes.io/backend-protocol": "HTTP",
                    "alb.ingress.kubernetes.io/listen-ports": '[{"HTTPS":443},{"HTTP":80}]',
                    "alb.ingress.kubernetes.io/load-balancer-attributes":"idle_timeout.timeout_seconds=300",
                    "alb.ingress.kubernetes.io/scheme": "internet-facing",
                    "alb.ingress.kubernetes.io/ssl-redirect": "443"
                },
                "hosts": [
                    {
                        "name": f"{chartHostname}.{zoneName}",
                        "path": "/",

                        "tls": False
                    },
                ],
            },
            "env": {
                "open": {
                    "STORAGE": "amazon",
                    "STORAGE_AMAZON_BUCKET": cm_bucket.bucket,
                    "STORAGE_AMAZON_REGION": cm_bucket.region,
                    "DEBUG": True,
                    "DISABLE_API": False,
                    "ALLOW_OVERWRITE": True,
                    "AUTH_ANONYMOUS_GET": False,
                    "DEPTH": 1,
                    "AWS_SDK_LOAD_CONFIG": True,
                },
                "secret": {
                    "BASIC_AUTH_USER": "*****",
                    "BASIC_AUTH_PASS": "********",
                }
            },
            "serviceAccount": {
                "create": True,
                "annotations": {
                    "eks.amazonaws.com/role-arn": cm_role.arn
                }
            }
        }
    ),
    opts=pulumi.ResourceOptions(provider=provider,
                                depends_on=[alb_chart, cm_bucket])
)

[moos3]

any thoughts on this?