Loopd fails to start on lnd TLS: failed certificate signed by unknown authority

[redstorm1]

start up log:

2024-05-07 15:40:33.843 [INF] LOOPD: Version: 0.28.1-beta commit=
2024-05-07 15:40:33.843 [INF] LNDC: Creating lnd connection to localhost:10009
2024-05-07 15:40:33.844 [INF] LNDC: Connected to lnd
2024-05-07 15:40:33.846 [INF] LNDC: Waiting for lnd to unlock
2024-05-07 15:40:33.846 [INF] LNDC: Wallet state of lnd is now: Lnd main server is ready for requests
2024-05-07 15:40:33.851 [INF] LNDC: lnd version: v0.17.5-beta, build tags 'autopilotrpc,signrpc,walletrpc,chainrpc,invoicesrpc,watchtowerrpc,neutrinorpc,monitoring,peersrpc,kvdb_postgres,kvdb_etcd,kvdb_sqlite'
2024-05-07 15:40:33.851 [INF] LNDC: Using network testnet
2024-05-07 15:40:33.852 [INF] LNDC: Waiting for lnd to be fully synced to its chain backend, this might take a while
2024-05-07 15:40:33.856 [INF] LNDC: lnd is now fully synced to its chain backend
2024-05-07 15:40:33.856 [INF] LOOPD: Protocol version: MuSig2
2024-05-07 15:40:33.856 [INF] LOOPD: Swap server address: localhost:10009
2024-05-07 15:40:33.856 [INF] LOOPD: Found sqlite db at /home/zzzz/.loop/testnet/loop_sqlite.db, skipping migration
2024-05-07 15:40:33.856 [INF] LOOPD: Opening sqlite3 database at: /home/zzzz/.loop/testnet/loop_sqlite.db
2024-05-07 15:40:33.904 [INF] LOOPD: Starting swap client
2024-05-07 15:40:33.904 [INF] LOOPD: Starting liquidity manager
2024-05-07 15:40:33.904 [INF] LOOPD: Starting gRPC listener
2024-05-07 15:40:33.904 [INF] LOOPD: Waiting for updates
2024-05-07 15:40:33.904 [INF] LOOP: Connected to lnd node 'Geektech lnd 🐙🏴‍☠️' with pubkey 03ee83ec25fc43cf1d683be47fd5e2ac39713a489b03fed4350d9623be1ff0d817 (version v0.17.5-beta, build tags 'autopilotrpc,signrpc,walletrpc,chainrpc,invoicesrpc,watchtowerrpc,neutrinorpc,monitoring,peersrpc,kvdb_postgres,kvdb_etcd,kvdb_sqlite')
2024-05-07 15:40:33.905 [INF] LOOPD: Liquidity manager stopped
2024-05-07 15:40:33.905 [ERR] LOOPD: Runtime error in daemon, shutting down: rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority"
2024-05-07 15:40:33.905 [INF] LOOPD: Stopping gRPC server
2024-05-07 15:40:33.905 [INF] LOOPD: Stopping REST server
2024-05-07 15:40:33.905 [DBG] LNDC: Closing lnd connection
2024-05-07 15:40:33.905 [INF] LOOPD: Swap client stopped
2024-05-07 15:40:33.905 [DBG] LNDC: Wait for client to finish
2024-05-07 15:40:33.905 [DBG] LNDC: Wait for chain notifier to finish
2024-05-07 15:40:33.905 [DBG] LNDC: Wait for invoices to finish
2024-05-07 15:40:33.905 [DBG] LNDC: Wait for router to finish
2024-05-07 15:40:33.905 [DBG] LNDC: Lnd services finished
2024-05-07 15:40:33.905 [DBG] LNDC: Lnd services finished
2024-05-07 15:40:33.905 [INF] LOOPD: Starting REST proxy listener
2024-05-07 15:40:33.905 [INF] LOOPD: REST proxy listening on 127.0.0.1:8081
2024-05-07 15:40:33.905 [INF] LOOPD: RPC server listening on 127.0.0.1:11010

loopd.conf

network=testnet
debuglevel=debug
server.host=localhost:10009
macaroonpath=/home/zzzz/.loop/testnet/loop.macaroon
lnd.macaroonpath=/home/zzzz/.lnd/data/chain/bitcoin/testnet/admin.macaroon
lnd.tlspath=/home/zzzz/.lnd/tls.cert
tlscertpath=/home/zzzz/.loop/testnet/tls.cert
tlskeypath= /home/zzzz/.loop/testnet/tls.key

I have stopped and deleted the tls certificates and keys and restarted both lnd and loopd on testnet but the issue remains that the tls.cert that lnd generates is rejected by loopd as not being signed by a known authority. adding both certs to the ca certificate store did not change the behaviour.