Traefik not giving root of chained Certificate

Hello, I am encountering an issue with the creation of a TLS certificate.
Basically, the setup I have is a root certificate managed by a Windows AD (A), then an intermediary managed by a step-ca instance (B), and finally the leaf created by Traefik (C). What is then supposed to happen is for any instance managed by Traefik to have a chained certificate looking like this: A->B->C, except I only have this: B->C.
Here is my Traefik config:

version: '3.3'

services:

  traefik:
    image: traefik:v2.5
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
      - 2222:2222
    environment:
      - LEGO_CA_CERTIFICATES=/root/.step/certs/root_ca.crt 
    deploy:
      placement:
        constraints:
          - node.labels.traefik-public.traefik-public-certificates == true
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik-public
        - traefik.constraint-label=traefik-public
        - traefik.http.middlewares.admin-auth.basicauth.users=*******

        - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
        - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
        - traefik.http.routers.traefik-public-http.rule=Host(`traefik.docker.mydomain`)
        - traefik.http.routers.traefik-public-http.entrypoints=http
        - traefik.http.routers.traefik-public-http.middlewares=https-redirect
        - traefik.http.routers.traefik-public-https.rule=Host(`traefik.docker.mydomain`)
        - traefik.http.routers.traefik-public-https.entrypoints=https
        - traefik.http.routers.traefik-public-https.tls=true
        - traefik.http.routers.traefik-public-https.service=api@internal
        - traefik.http.routers.traefik-public-https.tls.certresolver=stepca
        - traefik.http.routers.traefik-public-https.middlewares=admin-auth
        - traefik.http.services.traefik-public.loadbalancer.server.port=8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik-public-certificates:/certificates
      - /root/.step/certs/root_ca.crt:/root/.step/certs/root_ca.crt
    command:
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      - --providers.docker.exposedbydefault=false
      - --providers.docker.swarmMode=true
      - --entrypoints.http.address=:80
      - --entrypoints.https.address=:443
      - --entrypoints.gitssh.address=:2222
      - "--certificatesResolvers.stepca.acme.caServer=https://step-ca.mydomain/acme/acme/directory"
      - "--certificatesResolvers.stepca.acme.email=useremail@mydomain"
      - "--certificatesResolvers.stepca.acme.storage=/certificates/acme.json"
      - "--certificatesResolvers.stepca.acme.tlsChallenge=true"
      - "--providers.providersthrottleduration=100"
      - --accesslog
      - --log
      - --api
      - --pilot.token="token"
    networks:
      - traefik-public

volumes:
  traefik-public-certificates:

networks:
  traefik-public:
    external: true

Does anyone have any idea what is going on? If you need more info, please do ask.
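An added example, not part of the original post or of Traefik's own code: a shell check that reports whether a PEM bundle (for instance the certificates printed by `openssl s_client -showcerts` against the Traefik endpoint) holds B->C or A->B->C in the sense of the post above. The function names and the demo certificates are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.
# Name hashes are compared, not signatures (use `openssl verify` for those).

split_bundle() {  # $1 = PEM bundle, $2 = output dir; prints certificate count
  awk -v dir="$2" '
    /-----BEGIN CERTIFICATE-----/ { n++; on = 1 }
    on { print > (dir "/cert-" n ".pem") }
    /-----END CERTIFICATE-----/ { on = 0 }
    END { print n + 0 }' "$1"
}

chain_report() {  # $1 = PEM bundle, leaf certificate first
  dir=$(mktemp -d) || return 1
  n=$(split_bundle "$1" "$dir")
  i=1 prev_iss="" linked=yes root=no
  while [ "$i" -le "$n" ]; do
    subj=$(openssl x509 -in "$dir/cert-$i.pem" -noout -subject_hash)
    iss=$(openssl x509 -in "$dir/cert-$i.pem" -noout -issuer_hash)
    # Every certificate after the leaf must be the issuer of the previous one.
    if [ "$i" -gt 1 ] && [ "$subj" != "$prev_iss" ]; then linked=no; fi
    # The bundle ends in a root only if its last certificate is self-issued.
    if [ "$subj" = "$iss" ]; then root=yes; else root=no; fi
    prev_iss=$iss
    i=$((i + 1))
  done
  rm -rf "$dir"
  echo "certs=$n linked=$linked root_included=$root"
}

issue() {  # $1 = issuer basename, $2 = new basename, $3 = CN
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$2.key" -out "$2.csr" >/dev/null 2>&1 &&
  openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
    -CAcreateserial -days 1 -out "$2.crt" >/dev/null 2>&1
}

make_demo_chain() {  # $1 = empty dir; writes constructed a.crt (root), b.crt, c.crt
  ( cd "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root A" \
      -keyout a.key -out a.crt >/dev/null 2>&1 &&
    issue a b "Demo Intermediate B" &&
    issue b c "demo-leaf-c" )
}

# Usage: sh chain_report.sh bundle.pem
if [ "$#" -gt 0 ]; then chain_report "$1"; fi
```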

Why do you use a Traefik version from August 2021?

Are you aware that Traefik CE does not support clustered LE, so you can usually just run a single instance?

I recommend to test this first with a single Traefik Docker instance or even go acme CLI, which is the library Traefik uses.

Hi, first of all, I forgot to mention that this setup has been "inherited" without much documentation, and so I have the philosophy of not fixing what is not broken.

As for your second point, I am not sure what you mean by clustered LE; the Traefik instance is not replicated.

Thanks for making the web more insecure by running a 3-year-old version with many security and bug fixes since its release :crazy_face:

Not doing anything (as in keeping old versions running for years) is not really an option in today's very hostile Internet, with bots and AI increasingly driving more sophisticated attacks on IT.