I want to read Kubernetes secrets and then import those certificates to AWS ACM. Below is my code:

# Read master ingress cert
data "kubernetes_secret" "master_cert" {
  metadata {
    name      = "${var.env}-api-gw-ingress"
    namespace = var.env
  }
  binary_data = {
    "tls.key" = ""
    "tls.crt" = ""
    "ca.crt"  = ""
  }
  depends_on = [kubernetes_manifest.master_ingress]
}

# Upload master ingress cert
resource "aws_acm_certificate" "master_cert" {
  private_key       = base64decode(lookup(data.kubernetes_secret.master_cert.binary_data, "tls.key"))
  certificate_body  = base64decode(lookup(data.kubernetes_secret.master_cert.binary_data, "tls.crt"))
  certificate_chain = base64decode(lookup(data.kubernetes_secret.master_cert.binary_data, "ca.crt"))
}

But I am getting the below error:

Error: error importing ACM Certificate: ValidationException: Provided certificate is not a valid self signed. Please provide either a valid self-signed certificate or certificate chain.
│
│ with aws_acm_certificate.master_cert,
│ on main.tf line 48, in resource "aws_acm_certificate" "master_cert":
│ 48: resource "aws_acm_certificate" "master_cert" {
I have checked the certs and the chains are all correct. I would appreciate any help or suggestions.
Thank you
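
One way to check what each field of the secret actually hands to ACM, as an added example that is not the poster's code and not a confirmed diagnosis: ACM expects `certificate_body` to hold only the leaf certificate and `certificate_chain` to hold its issuers. The sketch assumes the secret follows the common layout in which `tls.crt` is a PEM bundle (leaf first, then intermediates) and `ca.crt` may be empty; the local names and the output name are hypothetical, and the resource block stands in for the one in the question.

```hcl
locals {
  secret = data.kubernetes_secret.master_cert.binary_data

  # Certificates are public data, so the sensitive mark is dropped for them
  # to allow the diagnostic output below. The private key stays sensitive.
  tls_crt = nonsensitive(base64decode(local.secret["tls.crt"]))
  ca_crt  = nonsensitive(base64decode(local.secret["ca.crt"]))

  # Base64 bodies never contain "-", so [^-]+ spans exactly one PEM block.
  pem_re     = "-----BEGIN CERTIFICATE-----[^-]+-----END CERTIFICATE-----"
  tls_blocks = regexall(local.pem_re, local.tls_crt)
  ca_blocks  = regexall(local.pem_re, local.ca_crt)

  # Assumption: the first block in tls.crt is the leaf. Everything after it,
  # plus whatever ca.crt holds, becomes the chain (duplicates removed).
  leaf_pem = try(local.tls_blocks[0], "")
  chain_pem = join("\n", distinct(concat(
    try(slice(local.tls_blocks, 1, length(local.tls_blocks)), []),
    local.ca_blocks,
  )))
}

# Replaces the aws_acm_certificate block from the question.
resource "aws_acm_certificate" "master_cert" {
  private_key       = base64decode(local.secret["tls.key"])
  certificate_body  = local.leaf_pem
  certificate_chain = local.chain_pem != "" ? local.chain_pem : null

  lifecycle {
    # Fail with a readable message instead of an opaque API error when the
    # secret holds no certificate at all. Requires Terraform 1.2 or later.
    precondition {
      condition     = length(local.tls_blocks) >= 1
      error_message = "tls.crt contains no PEM certificate block."
    }
  }
}

# Shows how many certificates each field carried, without printing key material.
output "master_cert_pem_layout" {
  value = {
    tls_crt_certs = length(local.tls_blocks)
    ca_crt_certs  = length(local.ca_blocks)
  }
}
```

If the output reports more than one certificate in `tls.crt` or none in `ca.crt`, the original configuration was sending a bundle as the body or an empty chain, which is the situation the ValidationException text describes for a certificate that is not self-signed.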