Foreman & Apache SSL

Problem:
I’m trying to secure my Foreman 1.23.0 web frontend using a wildcard certificate for my domain (*.domain.com). I’m running Puppet v6 and have managed to use the ‘puppetserver ca setup’ commands to set up the CA and sign agent client certificates.

However, when I change my /[…]/05-foreman-ssl.conf file to use my wildcard certificate, my agents start to throw this error:

Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 500 on SERVER: Server Error: Failed to find ares.beerygaz.com via
 exec: Execution of '/etc/puppetlabs/puppet/node.rb ares.beerygaz.com' returned 1

Running the command on the puppetmaster produces:

Serving cached ENC: Could not send facts to Foreman: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get issuer certificate)

There are a lot of resources out there on trying to get this to work, but all seem dated or refer to files that no longer exist in the latest implementation. Is there a definitive guide somewhere?

Expected outcome:
Agents work using Puppet CA, Foreman works using my wildcard cert.

Foreman and Proxy versions:
Foreman 1.23.0
Puppet 6.10.0

I’m in the same situation.
I tried to use a wildcard certificate for the web interface, but the proxy and Puppet agent, which use SSL certificates to authenticate, would fail with the wildcard.

The only workaround I found was to duplicate the 05-foreman-ssl.conf file, change the ServerName manually to the web wildcard domain, set the wildcard certificate, and use an internal domain that uses the Puppet CA for the default configuration.

This is a dirty hack, as it creates 2 Passenger instances and does not always survive a new foreman-installer run.
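
A sketch of the two-vhost layout described in the reply above, as an added example that is not part of either post or of the Foreman installer's own output. The hostnames `foreman.internal.example` and `foreman.domain.com` and every `/path/to/...` value are placeholders; the directives not shown are assumed to be copied unchanged from the existing vhost file.

```apache
# Added illustration: hostnames and certificate paths are placeholders.

# Vhost 1: internal name with a certificate signed by the Puppet CA.
# The smart proxy, the ENC script (node.rb) and the agents connect to this
# name, so the chain they verify ends at the CA they already trust.
<VirtualHost *:443>
  ServerName foreman.internal.example

  SSLEngine on
  SSLCertificateFile    /path/to/puppet-ssl/certs/foreman.internal.example.pem
  SSLCertificateKeyFile /path/to/puppet-ssl/private_keys/foreman.internal.example.pem
  # CA used to validate client certificates presented by proxy and ENC.
  SSLCACertificateFile  /path/to/puppet-ssl/certs/ca.pem
  SSLVerifyClient       optional
  SSLVerifyDepth        3
  SSLOptions            +StdEnvVars +ExportCertData

  # DocumentRoot, Passenger and logging directives: copied unchanged
  # from the original vhost file.
</VirtualHost>

# Vhost 2: browser-facing name covered by the wildcard certificate.
# Selected by SNI, so clients must connect using this exact hostname.
<VirtualHost *:443>
  ServerName foreman.domain.com

  SSLEngine on
  # Leaf certificate followed by the issuing intermediates in one file,
  # so browsers can build the full chain.
  SSLCertificateFile    /path/to/wildcard/wildcard.domain.com.fullchain.pem
  SSLCertificateKeyFile /path/to/wildcard/wildcard.domain.com.key
  # No SSLVerifyClient here: browsers authenticate through the login form,
  # and Puppet CA client certificates are only accepted on vhost 1.

  # DocumentRoot, Passenger and logging directives: copied unchanged
  # from the original vhost file.
</VirtualHost>
```

Keeping client-certificate verification on the internal vhost only means the wildcard key, which is typically shared across many hosts, is never the credential that machine clients trust for Foreman.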