Installation of 3.1 without Puppet fails

That looks like you’re installing puppet from EPEL which we don’t support.

This is incomplete. You’re missing --foreman-proxy-puppet false --foreman-proxy-puppetca false.

It looks like you’re installing Foreman without Puppet but the default foreman scenario relies on Puppet as a CA to generate certificates. If you don’t want Puppet, you must provide Foreman and Foreman Proxy with other certificates.

I have been wanting to write a blog about this for about 2 years but it hasn’t gotten out of draft so I’ll share the relevant bits. Here I assume in /etc/ownca there are certificates.

```bash
OWNCA=/etc/ownca
foreman-installer \
    --no-enable-puppet \
    --foreman-proxy-puppet false \
    --foreman-proxy-puppetca false \
    --foreman-proxy-ssl-ca $OWNCA/cacert.crt \
    --foreman-proxy-ssl-cert $OWNCA/$HOSTNAME/$HOSTNAME.crt \
    --foreman-proxy-ssl-key $OWNCA/$HOSTNAME/$HOSTNAME.key \
    --foreman-server-ssl-ca $OWNCA/cacert.crt \
    --foreman-server-ssl-chain $OWNCA/cacert.crt \
    --foreman-server-ssl-cert $OWNCA/$HOSTNAME/$HOSTNAME.crt \
    --foreman-server-ssl-key $OWNCA/$HOSTNAME/$HOSTNAME.key \
    --foreman-server-ssl-crl "" \
    --foreman-client-ssl-ca $OWNCA/cacert.crt \
    --foreman-client-ssl-cert $OWNCA/$HOSTNAME/$HOSTNAME.crt \
    --foreman-client-ssl-key $OWNCA/$HOSTNAME/$HOSTNAME.key
```

Note that you must ensure these files are readable by both foreman and foreman-proxy.
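
The readability requirement in the note above can be checked before running the installer. This is an added example, not part of the original post or of Foreman itself: the function names `readable_by` and `check_ownca` are hypothetical, the file layout is the `/etc/ownca` one assumed in the post, and checking accounts other than the current one uses `runuser`, which needs root.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for the certificate layout assumed in the post:
#   $OWNCA/cacert.crt, $OWNCA/$HOST/$HOST.crt, $OWNCA/$HOST/$HOST.key

# Succeeds if USER can read FILE (including traversing its parent directories).
# Other accounts are tested through runuser, which only works as root.
readable_by() {
    local user file
    user=$1; file=$2
    if [ "$user" = "$(id -un 2>/dev/null)" ]; then
        [ -r "$file" ]
    else
        runuser -u "$user" -- test -r "$file"
    fi
}

# check_ownca DIR HOST [USER...]
# Prints one line per problem; returns non-zero if any problem was found.
check_ownca() {
    local dir host key f user rc
    dir=$1; host=$2; shift 2
    key="$dir/$host/$host.key"; rc=0
    for f in "$dir/cacert.crt" "$dir/$host/$host.crt" "$key"; do
        if [ ! -f "$f" ]; then
            echo "missing: $f"; rc=1; continue
        fi
        for user in "$@"; do
            if ! readable_by "$user" "$f" 2>/dev/null; then
                echo "unreadable by $user: $f"; rc=1
            fi
        done
    done
    # The private key has to be readable by the service accounts,
    # but it should not be readable by every local user.
    if [ -f "$key" ] && [ -n "$(find "$key" -prune -perm -004)" ]; then
        echo "world-readable key: $key"; rc=1
    fi
    return $rc
}

# Usage (as root): check_ownca /etc/ownca "$HOSTNAME" foreman foreman-proxy
```

If the key is reported as unreadable, granting access through a shared group or an ACL keeps it off the world-readable path that the last check flags.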