Smart Proxy puppetca acting up

Platform: RHEL 6.6 x86_64
Foreman Version: 1.6.1

Just yesterday things seemed hunkey dory with my Foreman host and I even
told my project manager "It's up and running" so she could dutifully mark
it as done in Rally.

Today I go to show someone how to add a new master to the mix and when we
go to the part of listing the certs from the proxy I get this message:

Warning!ERF12-5356 [ProxyAPI::ProxyException]: Unable to get PuppetCA
certificates ([RestClient::NotAcceptable]: 406 Not Acceptable) for proxy
https://mtanjv9nspg01.nvp.cip.att.com:8443/puppet/ca
Rats… foiled again.

So I turn the log level for the foreman-proxy up to debug level and "tail
-f" the proxy.log file and I see.

135.182.138.155 - - [02/Apr/2015 18:54:52] "GET HTTP/1.1" 406 74 0.0674
135.182.138.155 - - [02/Apr/2015 18:58:09] "GET /features HTTP/1.1" 200 36
0.0008
D, [2015-04-02T19:00:31.337297 #59157] DEBUG – : Found puppetca at
/usr/bin/puppet
D, [2015-04-02T19:00:31.337435 #59157] DEBUG – : Found sudo at
/usr/bin/sudo
D, [2015-04-02T19:00:31.337485 #59157] DEBUG – : Executing /usr/bin/sudo
-S /usr/bin/puppet cert --ssldir /var/lib/puppet/ssl --list --all
W, [2015-04-02T19:00:31.403424 #59157] WARN – : Failed to run puppetca:
E, [2015-04-02T19:00:31.403720 #59157] ERROR – : Failed to list
certificates: Execution of puppetca failed, check log files
135.182.138.155 - - [02/Apr/2015 19:00:31] "GET HTTP/1.1" 406 74 0.0674

OK… so something is wrong with sudo…

I check the sudoers file and what I need is in there…

I su - foreman-proxy and run the command string that shows up in the logs
and it runs and returns valid output.

I change the userid the proxy runs at to root. Still fails with the same
error… hmm…

I go to the foreman production log and see something interesting:
Started GET "/smart_proxies/2-master/puppetca" for 135.28.170.143 at
2015-04-02 19:04:45 +0000
Processing by PuppetcaController#index as HTML
Parameters: {"smart_proxy_id"=>"2-master"}
Operation FAILED: ERF12-5356 [ProxyAPI::ProxyException]: Unable to get
PuppetCA certificates ([RestClient::NotAcceptable]: 406 Not Acceptable) for
proxy https://mtanjv9nspg01.nvp.cip.att.com:8443/puppet/ca
Rendered common/500.html.erb within layouts/application (3.7ms)
Rendered layouts/base.html.erb (1.2ms)
Completed 500 Internal Server Error in 156ms (Views: 6.2ms | ActiveRecord:
0.7ms)

Any thoughts anybody? This is a show stopper at this point.