Problem: I am obtaining certificates with certbot (not the regular letsencrypt ACME endpoint, but the ACME endpoint of the SECTIGO CA). When running “katello-certs-check” against these obtained certificates, it just complains:
[root@linux test]# katello-certs-check -c cert.pem -k privkey.pem -b chain.pem
Checking server certificate encoding:
[OK]
Checking expiration of certificate:
[OK]
Checking expiration of CA bundle:
[OK]
Checking if server certificate has CA:TRUE flag
[OK]
Checking for private key passphrase:
[OK]
Checking to see if the private key matches the certificate:
[OK]
Checking CA bundle against the certificate file:
[FAIL]
The /root/test/chain.pem does not verify the /root/test/cert.pem
C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
error 2 at 2 depth lookup: unable to get issuer certificate
error /root/test/cert.pem: verification failed
Checking CA bundle size: 2
[OK]
Checking Subject Alt Name on certificate
[OK]
Checking if any Subject Alt Name on certificate matches the Subject CN
[OK]
Checking Key Usage extension on certificate for Key Encipherment
[OK]
Checking for use of shortname as CN
[OK]
As a documentation reference I used:
https://docs.theforeman.org/3.5/Installing_Server/index-katello.html#Configuring_Server_with_a_Custom_SSL_Certificate_foreman
Expected outcome: It should work
Foreman and Proxy versions: Foreman 3.5 with Katello 4.7 on Rocky 8
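
Error 2 in the output above is OpenSSL's "unable to get issuer certificate": the certificate at depth 2 (the USERTrust subject that is printed) was found, but the certificate that issued it was not available from chain.pem. As an added example (not part of the original post and not katello-certs-check's own code), this script lists which certificates in a bundle lack their issuer. The function names and the throwaway chain built by `make_demo_chain` are constructed for illustration.

```bash
#!/bin/sh
# Added example (not part of katello-certs-check): find gaps in a CA bundle.

# Emit "subject_hash issuer_hash subject" for each certificate in PEM bundle $1.
bundle_names() {
  tmp=$(mktemp -d)
  awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/{n++; on=1}
       on{print > (d "/" n ".pem")}
       /-----END CERTIFICATE-----/{on=0}' "$1"
  for f in "$tmp"/*.pem; do
    [ -e "$f" ] || continue
    printf '%s %s %s\n' \
      "$(openssl x509 -in "$f" -noout -subject_hash)" \
      "$(openssl x509 -in "$f" -noout -issuer_hash)" \
      "$(openssl x509 -in "$f" -noout -subject)"
  done
  rm -rf "$tmp"
}

# Print the subject of every certificate whose issuer name is not in the bundle.
# Matching is by name hash only (no signature check), so this is a first-pass test.
missing_issuers() {
  names=$(bundle_names "$1")
  echo "$names" | while read -r sh ih subj; do
    [ "$sh" = "$ih" ] && continue   # self-issued root: no further issuer needed
    echo "$names" | grep -q "^$ih " || echo "$subj"
  done
}

# Sign a throwaway CA certificate: issue DIR NAME CN PARENT (constructed data).
issue() {
  openssl req -newkey rsa:2048 -nodes -keyout "$1/$2.key" -out "$1/$2.csr" \
    -subj "/CN=$3" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
    -set_serial 1 -days 2 -out "$1/$2.pem" 2>/dev/null
}

# Build root -> cross-signed CA -> issuing CA, plus one short and one full bundle.
make_demo_chain() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/root.key" \
    -out "$1/root.pem" -subj "/CN=Constructed Root" -days 2 2>/dev/null
  issue "$1" cross "Constructed Cross-Signed CA" root
  issue "$1" issuing "Constructed Issuing CA" cross
  cat "$1/issuing.pem" "$1/cross.pem" > "$1/chain.pem"
  cat "$1/chain.pem" "$1/root.pem" > "$1/full.pem"
}

if [ $# -gt 0 ]; then missing_issuers "$1"; fi
```

Run with a bundle path as the only argument, it prints one subject line per certificate whose issuer is absent; no output means every non-root certificate has its issuer in the file.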