Kajal Jadeja

Google managed prometheus breaks when Application started with TLS in GKE

I have an app running on GKE. I enable Google Managed Prometheus, and all is working. I stop the app, start it with TLS for external communications, and the monitoring service gives an error about not being able to validate the certificate. I am using a pod monitor as suggested by the GMP docs, and there is no TLS config for that, just for Alertmanager and the Prometheus operator, which I don't think is what I am looking for, as GKE runs the operator on its own. As a user I just create a pod monitor to point it to the app to monitor.

The error I get on my application:

2024-03-01 13:07:03,833 ERROR [prometheus-metrics-server-0] HOST: Failed to process request.
io.netty.handler.codec.DecoderException: io.netty.handler.ssl.ReferenceCountedOpenSslEngine$OpenSslHandshakeException: error:10000412:SSL routines:OPENSSL_internal:SSLV3_ALERT_BAD_CERTIFICATE

I am expecting some TLS config in Pod monitoring config.

My podmonitor.yaml:

# see https://github.com/GoogleCloudPlatform/prometheus-engine/blob/v0.7.0/doc/api.md for more fields
# if we use TLS, we need to configure a TLSConfig
apiVersion: monitoring.googleapis.com/v1
kind: PodMonitoring
metadata:
  name: google-prom
  labels:
    examplelabel: test123
    examplelabel2: test1234
spec:
  selector:
    matchLabels:
      name: voltdb-cluster
      #app.kubernetes.io/name: voltdb-cluster
  endpoints:
  # this should be >= the interval that we create the metrics for
  - interval: 10s
    # the default is /metrics
    path: /metrics
    port: 11781
    scheme: https
    metricRelabeling:
    - action: drop
      regex: connection_.*
      sourceLabels: [__name__]
  targetLabels:
    metadata:
    - node
    - container
    - pod
    fromPod:
    - from: clustertype
      to: clustertype
    - from: testname
      to: testname
    - from: testid
      to: testid
    - from: branch
      to: branch

Upvotes: 0

Views: 166

Answers (0)