Change ssl certs for foreman UI

Hi guys! I want to change the Foreman SSL certs for the Foreman site to valid ones, but I ran into the same problems that were already described and discussed here, and I can't fix my problems… Please help me.

So,

my foreman.conf:

```apache
# File managed with puppet
#
# Module:          'foreman'
#
# Template source: 'MODULES/foreman/templates/foreman-vhost.conf.erb'

<VirtualHost *:80>
  ServerName puppet-master.mycompany.com
  ServerAlias foreman

  DocumentRoot /usr/share/foreman/public
  PassengerAppRoot /usr/share/foreman
  PassengerRuby /usr/bin/ruby193-ruby

  AddDefaultCharset UTF-8

  # Static public dir serving
  <Directory /usr/share/foreman/public>
    <IfVersion < 2.4>
      Allow from all
    </IfVersion>
    <IfVersion >= 2.4>
      Require all granted
    </IfVersion>
  </Directory>

  <Directory /usr/share/foreman/public/assets>
    # Use standard http expire header for assets instead of ETag
    <IfModule mod_expires.c>
      Header unset ETag
      FileETag None
      ExpiresActive On
      ExpiresDefault "access plus 1 year"
    </IfModule>

    # Return compressed assets if they are precompiled
    <IfModule mod_rewrite.c>
      RewriteEngine on
      # Make sure the browser supports gzip encoding and file with .gz added
      # does exist on disc before we rewrite with the extension
      RewriteCond %{HTTP:Accept-Encoding} \b(x-)?gzip\b
      RewriteCond %{REQUEST_FILENAME}.gz -s
      RewriteRule ^(.+) $1.gz [L]
      # Set headers for all possible assets which are compressed
      <FilesMatch .css.gz$>
        ForceType text/css
        Header set Content-Encoding gzip
        SetEnv no-gzip
      </FilesMatch>
      <FilesMatch .js.gz$>
        ForceType text/javascript
        Header set Content-Encoding gzip
        SetEnv no-gzip
      </FilesMatch>
    </IfModule>
  </Directory>
</VirtualHost>

<VirtualHost *:443>
  ServerName puppet-master.mycompany.com
  ServerAlias foreman

  DocumentRoot /usr/share/foreman/public
  PassengerAppRoot /usr/share/foreman
  PassengerRuby /usr/bin/ruby193-ruby

  AddDefaultCharset UTF-8

  # Static public dir serving
  <Directory /usr/share/foreman/public>
    <IfVersion < 2.4>
      Allow from all
    </IfVersion>
    <IfVersion >= 2.4>
      Require all granted
    </IfVersion>
  </Directory>

  <Directory /usr/share/foreman/public/assets>
    # Use standard http expire header for assets instead of ETag
    <IfModule mod_expires.c>
      Header unset ETag
      FileETag None
      ExpiresActive On
      ExpiresDefault "access plus 1 year"
    </IfModule>

    # Return compressed assets if they are precompiled
    <IfModule mod_rewrite.c>
      RewriteEngine on
      # Make sure the browser supports gzip encoding and file with .gz added
      # does exist on disc before we rewrite with the extension
      RewriteCond %{HTTP:Accept-Encoding} \b(x-)?gzip\b
      RewriteCond %{REQUEST_FILENAME}.gz -s
      RewriteRule ^(.+) $1.gz [L]
      # Set headers for all possible assets which are compressed
      <FilesMatch .css.gz$>
        ForceType text/css
        Header set Content-Encoding gzip
        SetEnv no-gzip
      </FilesMatch>
      <FilesMatch .js.gz$>
        ForceType text/javascript
        Header set Content-Encoding gzip
        SetEnv no-gzip
      </FilesMatch>
    </IfModule>
  </Directory>

  # Use puppet certificates for SSL
  SSLEngine On

  # THESE ARE MY DEFAULT VALUES
  ############################################
  # SSLCertificateFile      /var/lib/puppet/ssl/certs/puppet-master.mycompany.com.pem
  # SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/puppet-master.mycompany.com.pem
  # SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
  # SSLCACertificateFile    /var/lib/puppet/ssl/certs/ca.pem
  ############################################

  # MY CHANGED VALUES
  SSLCertificateFile      /usr/local/certs/mycompany.com.pem
  SSLCertificateKeyFile   /usr/local/certs/wild.mycompany.com.key
  SSLCertificateChainFile /usr/local/certs/godaddy.pem
  SSLCACertificateFile    /var/lib/puppet/ssl/certs/ca.pem

  SSLVerifyClient optional
  SSLOptions +StdEnvVars
  SSLVerifyDepth 3
</VirtualHost>
```

Seems everything is okay: the “untrusted” warning is gone from the UI, BUT :frowning: my agents can’t communicate with the master anymore :frowning:

```text
[root@va3 puppet]# puppet agent -t
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 400 on SERVER: Failed to find a3.agent.com via exec: Execution of '/etc/puppet/node.rb a3.agent.com' returned 1:
Info: Retrieving plugin
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed when searching for node a3.agent.com: Failed to find a3.agent.com via exec: Execution of '/etc/puppet/node.rb a3.agent.com' returned 1:
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
```
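Added example (not from the post above, and not Foreman or Puppet code): a Ruby script that reproduces the trust decision a verifying HTTPS client makes when it is shown the certificate Apache serves on :443. The ENC script `/etc/puppet/node.rb` is such a client; it verifies Foreman's server certificate against the CA file it is configured with (`:ssl_ca` in `/etc/puppet/foreman.yaml`, which a default install points at the Puppet CA), and a certificate issued by a different CA fails that check regardless of how trusted that CA is in browsers. The certificates here are generated in memory: "Puppet CA" stands in for `/var/lib/puppet/ssl/certs/ca.pem`, "Public CA" for the commercial issuer, and the wildcard name mirrors the `wild.mycompany.com.key` in the post. The scenario names and the `demo`/`check_server_cert` helpers are this example's own.

```ruby
require 'openssl'

# Build a self-signed CA certificate plus its private key (in memory only).
def make_ca(common_name)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.new([['CN', common_name]])
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = cert
  cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  cert.add_extension(ef.create_extension('keyUsage', 'keyCertSign, cRLSign', true))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Issue a server (leaf) certificate from the given CA. `names` become the
# subjectAltName DNS entries, which is what hostname verification looks at.
def issue_server_cert(ca_cert, ca_key, names)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 2
  cert.subject    = OpenSSL::X509::Name.new([['CN', names.first]])
  cert.issuer     = ca_cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = ca_cert
  cert.add_extension(ef.create_extension('basicConstraints', 'CA:FALSE', true))
  cert.add_extension(ef.create_extension('subjectAltName', names.map { |n| "DNS:#{n}" }.join(',')))
  cert.sign(ca_key, OpenSSL::Digest.new('SHA256'))
  cert
end

# The two checks a verifying HTTPS client (Net::HTTP with VERIFY_PEER and a
# ca_file) applies to the server certificate it is shown while connecting to
# `hostname`: does the cert chain to a CA in the trust store, and does it name
# the host? `error` carries OpenSSL's reason when the chain check fails.
def check_server_cert(trusted_ca, server_cert, hostname)
  store = OpenSSL::X509::Store.new
  store.add_cert(trusted_ca)
  chain_ok = store.verify(server_cert)
  {
    chain_ok: chain_ok,
    name_ok:  OpenSSL::SSL.verify_certificate_identity(server_cert, hostname),
    error:    chain_ok ? nil : store.error_string,
  }
end

# Three scenarios: the default vhost (Puppet-issued cert), the vhost from the
# post (public wildcard cert, client still trusting only the Puppet CA), and the
# client pointed at the CA that actually issued the served cert.
def demo
  host = 'puppet-master.mycompany.com'
  puppet_ca, puppet_ca_key = make_ca('Puppet CA')   # stand-in for /var/lib/puppet/ssl/certs/ca.pem
  public_ca, public_ca_key = make_ca('Public CA')   # stand-in for the commercial issuer

  puppet_cert = issue_server_cert(puppet_ca, puppet_ca_key, [host])
  wild_cert   = issue_server_cert(public_ca, public_ca_key, ['*.mycompany.com'])

  {
    puppet_cert_vs_puppet_ca: check_server_cert(puppet_ca, puppet_cert, host),
    wild_cert_vs_puppet_ca:   check_server_cert(puppet_ca, wild_cert, host),
    wild_cert_vs_public_ca:   check_server_cert(public_ca, wild_cert, host),
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each do |scenario, result|
    verdict = if result[:chain_ok] && result[:name_ok]
                'accepted'
              else
                "rejected (#{result[:error] || 'hostname mismatch'})"
              end
    puts "#{scenario}: #{verdict}"
  end
end
```

Running it shows the middle scenario rejected with "unable to get local issuer certificate" while the hostname check passes, which is the situation the vhost change creates for any client that kept the Puppet CA as its only trust anchor: the wildcard name is fine, the issuer is not. The thing to compare against the vhost above is the CA bundle named by `:ssl_ca` in `/etc/puppet/foreman.yaml`; it has to contain the CA that issued the certificate in `SSLCertificateFile`. Leaving `SSLCACertificateFile` on the Puppet CA is a separate matter: with `SSLVerifyClient optional` it only governs which client certificates Apache will accept, so the puppetmaster can keep authenticating to Foreman with its Puppet-issued client cert.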