I know @ananace has some hands on experience with iPXE. Is my understanding correct, that you are trying to boot iPXE over TFTP and let iPXE downloading Alma’s kernel and initramdisk over http? Can you capture the Foreman’s production.log from.when the machine tries to boot? And also proxy.log from the smart proxy.
From the error, it looks like you’re not using a NIC/VM with an embedded iPXE firmware - the error (PXE-E23) is not an iPXE error, and iPXE shouldn’t be able to emit a TFTP error on an http URL either.
Are you wanting to chainload iPXE instead? iPXE - open source boot firmware [howto:chainloading]
The easiest method to get off the ground without iPXE as embedded boot firmware is to build iPXE binaries (undionly.kpxe/snponly.efi) with a baked script, and have them boot http://your-foreman.example.com/unattended/iPXE?bootstrap=true.
Foreman would expect such binaries to be called undionly-ipxe.0 and ipxe.efi on your TFTP for iPXE Chain BIOS/UEFI respectively.
If you are looking to have iPXE embedded though, then you likely haven’t flashed the boot ROM correctly.