Hi, I have problem with deploy config from Leader to Worker. I have distributed deployment with 2 Workers and 1 worker group (testing, free license used). I configured secure connection between Leader and Workers according to https://docs.cribl.io/stream/securing-communications 1. For the first look everything is OK - both Workers are visible on Manage Worker Nodes on Leader as alive, I can connect to Workers GUI (Remote UI Access is on), config version is OK etc.
Problem is when I want to deploy config changes to Workers. On Manage Worker Nodes I see yellow exclamation mark and neverending rotating circle in Config version column and config changes are not propagated to Workers.
In log on Leader I see this:

{"time":"2022-06-17T13:01:21.350Z","cid":"api","channel":"CriblMaster","level":"info","message":"sending config update request","group":"default","version":"8627dcf","logStreamEnv":"master","worker":"ff5ea4c4-51eb-4aa4-a650-2e6c8251bb21"}{"time":"2022-06-17T13:01:21.363Z","cid":"api","channel":"CriblMaster","level":"warn","message":"failed config update","group":"default","version":"8627dcf","logStreamEnv":"master","worker":"ff5ea4c4-51eb-4aa4-a650-2e6c8251bb21","elapsed":13,"error":{"__criblEventType":"event","__ctrlFields":[],"__final":false,"__cloneCount":0,"type":"resp","status":500,"message":"error running handler for req=configure","error":{"message":"Received non-OK status code=403","stack":"Error: Received non-OK status code=403\n  at ClientRequest.<anonymous> (/srv/app/int/secmon/cribl/bin/cribl.js:14:11928157)\n  at Object.onceWrapper (events.js:520:26)\n  at ClientRequest.emit (events.js:400:28)\n  at ClientRequest.emit (domain.js:475:12)\n  at HTTPParser.parserOnIncomingClient (_http_client.js:647:27)\n  at HTTPParser.parserOnHeadersComplete (_http_common.js:127:17)\n  at Socket.socketOnData (_http_client.js:515:22)\n  at Socket.emit (events.js:400:28)\n  at Socket.emit (domain.js:475:12)\n  at Socket.Readable.read (internal/streams/readable.js:504:10)"},"req":"configure","reqId":8,"rpc":false,"__raw":"{\"type\":\"resp\",\"status\":500,\"message\":\"error running handler for req=configure\",\"error\":{\"message\":\"Received non-OK status code=403\",\"stack\":\"Error: Received non-OK status code=403\\n  at ClientRequest.<anonymous> (/srv/app/int/secmon/cribl/bin/cribl.js:14:11928157)\\n  at Object.onceWrapper (events.js:520:26)\\n  at ClientRequest.emit (events.js:400:28)\\n  at ClientRequest.emit (domain.js:475:12)\\n  at HTTPParser.parserOnIncomingClient (_http_client.js:647:27)\\n  at HTTPParser.parserOnHeadersComplete (_http_common.js:127:17)\\n  at Socket.socketOnData (_http_client.js:515:22)\\n  at Socket.emit (events.js:400:28)\\n  at Socket.emit (domain.js:475:12)\\n  at Socket.Readable.read (internal/streams/readable.js:504:10)\"},\"req\":\"configure\",\"reqId\":8,\"rpc\":false}","__socketAddr":"10.88.29.42:16337","__srcIpPort":"10.88.29.42:16337"}}{"time":"2022-06-17T13:01:21.363Z","cid":"api","channel":"CriblMaster","level":"warn","message":"failed to get worker configs up-to-date","group":"default","version":"8627dcf","guid":"ff5ea4c4-51eb-4aa4-a650-2e6c8251bb21","error":{"__criblEventType":"event","__ctrlFields":[],"__final":false,"__cloneCount":0,"type":"resp","status":500,"message":"error running handler for req=configure","error":{"message":"Received non-OK status code=403","stack":"Error: Received non-OK status code=403\n  at ClientRequest.<anonymous> (/srv/app/int/secmon/cribl/bin/cribl.js:14:11928157)\n  at Object.onceWrapper (events.js:520:26)\n  at ClientRequest.emit (events.js:400:28)\n  at ClientRequest.emit (domain.js:475:12)\n  at HTTPParser.parserOnIncomingClient (_http_client.js:647:27)\n  at HTTPParser.parserOnHeadersComplete (_http_common.js:127:17)\n  at Socket.socketOnData (_http_client.js:515:22)\n  at Socket.emit (events.js:400:28)\n  at Socket.emit (domain.js:475:12)\n  at Socket.Readable.read (internal/streams/readable.js:504:10)"},"req":"configure","reqId":8,"rpc":false,"__raw":"{\"type\":\"resp\",\"status\":500,\"message\":\"error running handler for req=configure\",\"error\":{\"message\":\"Received non-OK status code=403\",\"stack\":\"Error: Received non-OK status code=403\\n  at ClientRequest.<anonymous> (/srv/app/int/secmon/cribl/bin/cribl.js:14:11928157)\\n  at Object.onceWrapper (events.js:520:26)\\n  at ClientRequest.emit (events.js:400:28)\\n  at ClientRequest.emit (domain.js:475:12)\\n  at HTTPParser.parserOnIncomingClient (_http_client.js:647:27)\\n  at HTTPParser.parserOnHeadersComplete (_http_common.js:127:17)\\n  at Socket.socketOnData (_http_client.js:515:22)\\n  at Socket.emit (events.js:400:28)\\n  at Socket.emit (domain.js:475:12)\\n  at Socket.Readable.read (internal/streams/readable.js:504:10)\"},\"req\":\"configure\",\"reqId\":8,\"rpc\":false}","__socketAddr":"10.88.29.42:16337","__srcIpPort":"10.88.29.42:16337"}}

and on Worker

{  "time": "2022-06-17T13:01:21.351Z",  "cid": "api",  "channel": "CriblWorker",  "level": "info",  "message": "leader triggered configure",  "version": "8627dcf",  "group": "default",  "checksum": "sha1:27d31c969b154e7addc0af8afd8133ae4510b6c8",  "url": "https://10.88.29.12:4200/api/v1/master/bundles/default/8627dcf?guid=ff5ea4c4-51eb-4aa4-a650-2e6c8251bb21",  "source": "cribl.log"}

I tried with different kinds of certificates (self-signed certificates generated on cribl servers, certificates made by CA which I configured on Leader node, certificates from external 3rd party CA - still the same result.
Without TLS everything works well.
Could you please help me point out what is wrong?
Many thanks for help in advance.
Best regards
Lukas Mecir