Ok, so I ended up finding a solution to my problem. Turns out I misunderstood quite a lot about both traefik in terms of its configuration and tls in general. I figured out that I needed the entire certificate chain in the rootCA I provided to traefik so it could verify to whom it was talking to correctly. I also figured out what the "ServersTransports" were and what they were used for (config for communicating with backend services).
After figuring that stuff out, I kept getting a bad certificate error that was telling me that the certificate I was using didn't have any IPs in the SANs, which I had done on purpose because I wanted my setup to be as easily started up and taken down without knowing what the IP of my services was gonna be so it would stay dynamic (idk if I explained my train of thought properly). All I had to do was give my containers fixed IPs on roachnet and add those IPs in the SANs of the certificates I generate with my "certs_gen" script and voila! Everything works fine!
In my head, I thought traefik was supposed to use the same certificates as my nodes to receive connections, so when I was curling the traefik container and I noticed the CN was "TRAEFIK DEFAULT", I thought I had done something wrong and I didn't realize traefik terminates the tls connection and reencrypts it to communicate with the services on the backend and thats why you need the rootCA, so it can verify the service's certificate.