From what I understand, the root cause for your problem is that candlepin 4.4.10 generates faulty client certs, so it is expected that all hosts registered before the upgrade to Katello 4.13 would work correctly since they got correctly generated certs from the old version. As far as I understand, you basically have two options to get back to a working system asap:
- Revert to Foreman 3.10/Katello 4.12, though this is only possible if you still have a working backup from before the upgrade and will most likely come with dataloss.
- Upgrade to Candlepin 4.4.12 or 4.4.13 and install
rng-toolsand enablerngd(or any similar service for better RNG seeding). The rootcause for the problems with Candlepin >=4.4.12 are described here, where you can also read up on other people confirming that enabling rngd is a working workaround
A proper solution would probably be to wait for another release of candlepin that actually fixes the underlying issue, but candlepin 4.4.13 with rngd is probably your fastest way to get back to a working system.