We have a small EKS cluster dedicated to Traefik 2.11.24. We are using Traefik as an outbound instance. Essentially a request will come in on something like outbound.company.local, which points to an internal NLB, which points to Traefik. From within Traefik we have an IngressRoute to match on the hostname, apply client certificates using a ServersTransport, and send it to a Service which is an ExternalName. We have this exact setup for 10+ proxies and they all work perfectly.
Now we are generating the configuration for a new one, but we keep getting an error from the external endpoint that we are not sending any client certificates. The difference we are picking up with these client certificates compared to the others is that they are self-signed, but they are also in QWAC format, which contains a lot more attributes.
Unfortunately, at this point even when enabling debug logging there are no errors related to this issue.
Below is the config from Kubernetes that we are using:

```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: serverstransport
  namespace: default
spec:
  certificatesSecrets:
    - client-cert
  insecureSkipVerify: false
  rootCAsSecrets:
    - ca-cert
  serverName: secret.servername.com
---
apiVersion: v1
kind: Service
metadata:
  name: service
  namespace: default
spec:
  externalName: secret.servername.com
  sessionAffinity: None
  type: ExternalName
status:
  loadBalancer: {}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: header
  namespace: default
spec:
  headers:
    customRequestHeaders:
      Host: secret.servername.com
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: ingressroute
  namespace: default
spec:
  entryPoints:
    - web
  routes:
    - kind: Rule
      match: Host(`outbound.company.local`)
      middlewares:
        - name: header
          namespace: default
      services:
        - name: service
          namespace: default
          port: 443
          serversTransport: serverstransport
```
At this point we are all out of ideas and not sure what else to do or check. We believe it has something to do with the certificates, but we are not sure what; possibly Traefik does not like that it is a QWAC. We can plug the same certs into HAProxy and nginx and it works perfectly. Same with using them in curl.
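One behaviour worth ruling out when a Go-based proxy such as Traefik withholds a client certificate that curl, nginx and HAProxy all present: Go's crypto/tls client only sends a configured certificate if the server's CertificateRequest either carries no acceptable-CA list or lists the certificate chain's issuer in it. A self-signed certificate's issuer is its own subject, so if the upstream advertises a CA list that does not contain that subject, Go silently sends an empty Certificate message and the upstream reports "no client certificate" while Traefik logs nothing. OpenSSL-based clients send the certificate regardless. Whether this is what the upstream in the post actually does is an assumption to verify, not a confirmed diagnosis. The program below is an added example written for this page, not code from the poster or from the Traefik project; it generates throwaway self-signed certificates at run time and runs the same client certificate against three in-memory servers that differ only in the acceptable-CA list they advertise.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned builds a throwaway self-signed certificate at run time. It is
// constructed test material standing in for any self-signed client or server
// certificate; it is not the poster's real QWAC.
func selfSigned(cn string, serial int64) tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		DNSNames:              []string{cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der) // der was produced just above, so it parses
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// presentsClientCert runs one TLS handshake over an in-memory pipe and reports
// whether the Go client actually sent clientCert. The server requests a client
// certificate and advertises the subjects in acceptableCAs as its acceptable
// CA names; nil means it advertises none.
func presentsClientCert(serverCert, clientCert tls.Certificate, acceptableCAs *x509.CertPool) (bool, error) {
	clientEnd, serverEnd := net.Pipe()
	var sent bool
	done := make(chan error, 1)
	go func() {
		srv := tls.Server(serverEnd, &tls.Config{
			Certificates:           []tls.Certificate{serverCert},
			ClientAuth:             tls.RequestClientCert, // ask, but do not fail without one
			ClientCAs:              acceptableCAs,
			SessionTicketsDisabled: true, // no post-handshake writes on the synchronous pipe
		})
		defer srv.Close()
		err := srv.Handshake()
		sent = len(srv.ConnectionState().PeerCertificates) > 0
		done <- err
	}()
	roots := x509.NewCertPool()
	roots.AddCert(serverCert.Leaf)
	cli := tls.Client(clientEnd, &tls.Config{
		Certificates: []tls.Certificate{clientCert},
		RootCAs:      roots,
		ServerName:   serverCert.Leaf.Subject.CommonName,
	})
	defer cli.Close()
	if err := cli.Handshake(); err != nil {
		return false, err
	}
	if err := <-done; err != nil {
		return false, err
	}
	return sent, nil
}

// Scenarios sends the same self-signed client certificate to three servers
// that differ only in the acceptable CA list they advertise.
func Scenarios() (map[string]bool, error) {
	server := selfSigned("upstream.example.test", 1)
	client := selfSigned("self-signed-client", 2)
	own, other := x509.NewCertPool(), x509.NewCertPool()
	own.AddCert(client.Leaf)                           // self-signed: issuer == its own subject
	other.AddCert(selfSigned("some-other-ca", 3).Leaf) // a CA that never issued the client cert
	out := map[string]bool{}
	for _, c := range []struct {
		name string
		cas  *x509.CertPool
	}{{"no-ca-list", nil}, {"unrelated-ca", other}, {"own-issuer", own}} {
		sent, err := presentsClientCert(server, client, c.cas)
		if err != nil {
			return nil, fmt.Errorf("%s: %w", c.name, err)
		}
		out[c.name] = sent
	}
	return out, nil
}

func main() {
	res, err := Scenarios()
	if err != nil {
		panic(err)
	}
	for _, k := range []string{"no-ca-list", "unrelated-ca", "own-issuer"} {
		fmt.Printf("server advertises %-12s -> client certificate sent: %v\n", k, res[k])
	}
}
```

The "unrelated-ca" case is the one that reproduces the symptom in the post: the handshake succeeds, nothing is logged on the client side, and the server simply sees no peer certificate. To check what the real upstream advertises, run `openssl s_client -connect host:443` against it and read the "Acceptable client certificate CA names" section of its output (or "No client certificate CA names sent"); if the self-signed certificate's subject is not listed there, the upstream's CA list, not the QWAC attributes, is the first thing to raise with the endpoint operator.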