Redis SSL Cluster Creation + Client SSL

Hello, I am able to set up a non-SSL Redis cluster (3 masters, 3 replicas) easily but I’m having a lot of issues getting my SSL cluster to function.

Redis Version: 6.2.6 on CentOS7

I have SSL certificates from Digicert, but when I attempt to create the cluster in SSL I get:

redis-cli --cluster create 127.0.0.1:6381 127.0.0.1:6382 127.0.0.1:6383 127.0.0.1:6384 127.0.0.1:6385 127.0.0.1:6386 --cluster-replicas 1 --tls
[ERR] Node 127.0.0.1:6382 is not configured as a cluster node.

The configuration is:

port 0
tls-port 6381
cluster-enabled yes
cluster-config-file nodes.conf
cluster-node-timeout 5000
appendonly yes
appendfsync everysec
tcp-backlog 65536
tcp-keepalive 0
maxclients 10000
loglevel notice
logfile "/var/log/redis/redis-cluster-6381.log"
 
tls-replication yes
tls-cluster yes
tls-auth-clients no
tls-protocols "TLSv1.2 TLSv1.3"
tls-ca-cert-dir /opt/redis-ssl
tls-cert-file /opt/redis-ssl/redis-cluster-01.mysite.crt
tls-key-file /opt/redis-ssl/redis-cluster-01.mysite.key
tls-ca-cert-file /opt/redis-ssl/digicert-ca.crt

In the logs it reads:

Error accepting a client connection: error:1408F10B:SSL routines:ssl3_get_record:wrong version number (conn: fd=12)

I changed the order of the pem file and was able to create the cluster with the above settings. However, it connects with just redis-cli -c -p 6382, should it not reject it?

Secondly, in the logs I still see:

Error accepting a client connection: error:1408F10B:SSL routines:ssl3_get_record:wrong version number (conn: fd=22)