During PXE provisioning curl fails to download https://foreman/installmedia/centos75/LiveOS/squashfs.img because it cannot find the Foreman CA in the local /etc/pki/tls/ca-bundle.pem.
Allowing the provisoned server to go to dracut rescue mode and manually appending the Foreman CA cert to /etc/pki/tls/ca-bundle.pem and manually running “curl https://foreman/installmedia/centos75/LiveOS/squashfs.img” will download the file but we can’t do that during provisioning. Nor can we run “curl -k”
Fix is to edit the kickstart_default_pxelinux template to add “inst.noverifyssl” to the Anaconda options.
# Tell Anaconda what to pass off to kickstart server
# both current and legacy syntax provided
options.push("kssendmac", "ks.sendmac", "inst.ks.sendmac", "inst.noverifyssl")