This command will engage in SNI negotiations, but it also shows the fake cert, which reinforces the idea that the certificate secret hasn't been attached to the Ingress.
openssl s_client -connect ak.modusresearch.com:443 -servername ak.modusresearch.com -showcerts </dev/null | openssl x509 -noout -text