[HELP] - Certificate - Let's encrypt - Reverse proxy

Hello, I can access the kubernetes services on port 80 from the internet, but to switch to 443 I have to set up the certificates.
I wonder at what level to put the certificates, is it sufficient on the reverse proxy of the server only, do I also have to put certificates at the level of the kubernetes services.
At the reverse proxy level should I use let's encrypt (http or dns challenge) because I have a public dns or use the certificate generated by porkbun and deploy it on my server.
Here is a diagram of my infrastructure.

I tried to enable let's encrypt on my server's traefik revere proxy but I got an error, saying that the certificate is not valid for my kubernetes cluster.

Thank you for your help.

Diagramme sans nom1702×952 112 KB

I think in general in k8s the TLS certs are handled by cert-manager (guide), not Traefik directly. But I am not a k8s user.

solution is:

just need to use http and not https for the interne redirection 'kubernetes-traefik-https'
tls connexion is before

  services:
    kubernetes-traefik-http:
      loadBalancer:
        passHostHeader: true
        servers:
          - url: "http://kubeserver:31960/"
    kubernetes-traefik-https:
      loadBalancer:
        passHostHeader: true
        servers:
          - url: "http://kubeserver:31960/"