@richbayliss nevermind found the issue. Changes work perfectly, thanks for your efforts on this one as I think it really simplifies the deployment and usage of openBalena in a secure manner.
For anyone else trying this out add the -c flag to quickstart script when setting up your openBalena server.
If you have any issues tail to cert-provider containers logs. In my case it was indicated DNS resolution failure for the DNS name I provided to quickstart. This was due to delay in propagation of DNS changes I had made right prior to start openBalena. After waiting for DNS name to propagate and restarting openBalena environment it all works now.
The only other questions I had are in terms of certificate renewal for both the openBalena server and devices. Is that automated or is there some sort of process required.