Unable to authorize grafana

I have a newly set up gitlab-ee 13.9.3 instance. The user accounts are authenticated through Active Directory.
When I try to access Grafana at https://git.peacehealth.org/-/grafana, it requests access to gitlab. When I grant the access, it throws an error:
login.OAuthLogin(NewTransportWithCode)
This is with both an AD user and the application root user.
grafana log shows this:

> `021-03-16_23:59:15.72154 t=2021-03-16T23:59:15+0000 lvl=info msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/ status=302 remote_addr=10.100.72.78 time_ms=0 size=39 referer=
> 2021-03-16_23:59:19.63588 t=2021-03-16T23:59:19+0000 lvl=info msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/login/gitlab status=302 remote_addr=10.100.72.78 time_ms=0 size=340 referer=https://git.peacehealth.org/-/grafana/login
> 2021-03-16_23:59:26.52378 t=2021-03-16T23:59:26+0000 lvl=info msg="state check" logger=oauth queryState=c19dcba353ba9073aefd0dedabed31905084c14c346a08eb9b9b39c9b21b32ee cookieState=c19dcba353ba9073aefd0dedabed31905084c14c346a08eb9b9b39c9b21b32ee
> 2021-03-16_23:59:26.54327 t=2021-03-16T23:59:26+0000 lvl=eror msg=login.OAuthLogin(NewTransportWithCode) logger=context userId=0 orgId=0 uname= error="Post \"https://git.peacehealth.org/oauth/token\": x509: certificate signed by unknown authority"
> 2021-03-16_23:59:26.54335 t=2021-03-16T23:59:26+0000 lvl=eror msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/login/gitlab status=500 remote_addr=10.100.72.78 time_ms=19 size=1754 referer="https://git.peacehealth.org/oauth/authorize?access_type=online&client_id=ba43861949dfc9c49d9d484d23d17e3685920ae2b4655df2958de0f0ae580931&redirect_uri=https%3A%2F%2Fgit.peacehealth.org%2F-%2Fgrafana%2Flogin%2Fgitlab&response_type=code&scope=api&state=sK5Cn7yn2LlMWt5X0RA_QeH1b4wk9SpzRJ7KOFORK0Q%3D"
> 

I have grafana set up as a trusted application. Is there some other config I need to do?

Could it be the certificate CA?