fix: use host's root CA set if ClientTLS ca is not defined

Co-authored-by: Tom Moulard <tom.moulard@traefik.io>

docs/content/middlewares/http/forwardauth.md

@@ -353,7 +353,8 @@ The `tls` option is the TLS configuration from Traefik to the authentication ser
 
 #### `tls.ca`
 
-Certificate Authority used for the secured connection to the authentication server.
+Certificate Authority used for the secured connection to the authentication server,
+defaults to the system bundle.
 
 ```yaml tab="Docker"
 labels:

docs/content/providers/consul-catalog.md

@@ -368,7 +368,8 @@ Defines TLS options for Consul server endpoint.
 
 _Optional_
 
-`ca` is the path to the CA certificate used for Consul communication, defaults to the system bundle if not specified.
+Certificate Authority used for the secure connection to Consul,
+defaults to the system bundle.
 
 ```yaml tab="File (YAML)"
 providers:

docs/content/providers/consul.md

@@ -106,7 +106,8 @@ _Optional_
 
 #### `tls.ca`
 
-Certificate Authority used for the secure connection to Consul.
+Certificate Authority used for the secure connection to Consul,
+defaults to the system bundle.
 
 ```yaml tab="File (YAML)"
 providers:

docs/content/providers/docker.md

@@ -615,7 +615,8 @@ _Optional_
 
 #### `tls.ca`
 
-Certificate Authority used for the secure connection to Docker.
+Certificate Authority used for the secure connection to Docker,
+defaults to the system bundle.
 
 ```yaml tab="File (YAML)"
 providers:

docs/content/providers/etcd.md

@@ -106,7 +106,8 @@ _Optional_
 
 #### `tls.ca`
 
-Certificate Authority used for the secure connection to etcd.
+Certificate Authority used for the secure connection to etcd,
+defaults to the system bundle.
 
 ```yaml tab="File (YAML)"
 providers:

docs/content/providers/http.md

@@ -78,7 +78,8 @@ _Optional_
 
 #### `tls.ca`
 
-Certificate Authority used for the secure connection to the configured endpoint.
+Certificate Authority used for the secure connection to the configured endpoint,
+defaults to the system bundle.
 
 ```yaml tab="File (YAML)"
 providers:

docs/content/providers/kubernetes-crd.md

@@ -62,7 +62,7 @@ Previous versions of Traefik used a [KV store](https://doc.traefik.io/traefik/v1
 
 If you need Let's Encrypt with HA in a Kubernetes environment, we recommend using [Traefik Enterprise](https://traefik.io/traefik-enterprise/), which includes distributed Let's Encrypt as a supported feature.
 
-If you want to keep using Traefik Proxy, high availability for Let's Encrypt can be achieved by using a Certificate Controller such as [Cert-Manager](https://docs.cert-manager.io/en/latest/index.html).
+If you want to keep using Traefik Proxy, high availability for Let's Encrypt can be achieved by using a Certificate Controller such as [Cert-Manager](https://cert-manager.io/docs/).
 When using Cert-Manager to manage certificates, it creates secrets in your namespaces that can be referenced as TLS secrets in your [ingress objects](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls).
 When using the Traefik Kubernetes CRD Provider, unfortunately Cert-Manager cannot yet interface directly with the CRDs.
 A workaround is to enable the [Kubernetes Ingress provider](./kubernetes-ingress.md) to allow Cert-Manager to create ingress objects to complete the challenges.

docs/content/providers/kubernetes-ingress.md

@@ -104,7 +104,7 @@ If you need Let's Encrypt with high availability in a Kubernetes environment,
 we recommend using [Traefik Enterprise](https://traefik.io/traefik-enterprise/) which includes distributed Let's Encrypt as a supported feature.
 
 If you want to keep using Traefik Proxy,
-LetsEncrypt HA can be achieved by using a Certificate Controller such as [Cert-Manager](https://docs.cert-manager.io/en/latest/index.html).
+LetsEncrypt HA can be achieved by using a Certificate Controller such as [Cert-Manager](https://cert-manager.io/docs/).
 When using Cert-Manager to manage certificates,
 it creates secrets in your namespaces that can be referenced as TLS secrets in your [ingress objects](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls).
 

docs/content/providers/marathon.md

@@ -406,7 +406,8 @@ _Optional_
 
 #### `tls.ca`
 
-Certificate Authority used for the secure connection to Marathon.
+Certificate Authority used for the secure connection to Marathon,
+defaults to the system bundle.
 
 ```yaml tab="File (YAML)"
 providers:

docs/content/providers/redis.md

@@ -106,7 +106,8 @@ _Optional_
 
 #### `tls.ca`
 
-Certificate Authority used for the secure connection to Redis.
+Certificate Authority used for the secure connection to Redis,
+defaults to the system bundle.
 
 ```yaml tab="File (YAML)"
 providers:

docs/content/providers/zookeeper.md

@@ -106,7 +106,8 @@ _Optional_
 
 #### `tls.ca`
 
-Certificate Authority used for the secure connection to ZooKeeper.
+Certificate Authority used for the secure connection to ZooKeeper,
+defaults to the system bundle.
 
 ```yaml tab="File (YAML)"
 providers: