[Katello] Custom certificate problem

Problem: I am obtaining certificates with certbot (not the regular letsencrypt ACME endpoint, but the ACME endpoint of the SECTIGO CA). When running “katello-certs-check” against these obtained certificates, it just complains:

[root@linux test]# katello-certs-check -c cert.pem -k privkey.pem -b chain.pem
Checking server certificate encoding:

Checking expiration of certificate:

Checking expiration of CA bundle:

Checking if server certificate has CA:TRUE flag

Checking for private key passphrase:

Checking to see if the private key matches the certificate:

Checking CA bundle against the certificate file:

The /root/test/chain.pem does not verify the /root/test/cert.pem
C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
error 2 at 2 depth lookup: unable to get issuer certificate
error /root/test/cert.pem: verification failed

Checking CA bundle size: 2

Checking Subject Alt Name on certificate

Checking if any Subject Alt Name on certificate matches the Subject CN

Checking Key Usage extension on certificate for Key Encipherment

Checking for use of shortname as CN

As documentation reference i used:

Expected outcome: It should work :slight_smile:

Foreman and Proxy versions: Foreman 3.5 with Katello 4.7 on Rocky 8

As the errors tell you:

I would say your chain is missing the root CA.