ACM assisted service could not get release image from private self-signed certificate registry when create cluster

OpenShift 4.12.11
ACM 2.7.3

Always

Install OCP 4.12.11
Install ACM 2.7.3 Operator
Create MultiClusterHub Instance

# cat > assisted-installer-mirror-config.yaml <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
  name: assisted-installer-mirror-config
  namespace: multicluster-engine
  labels:
    app: assisted-service
data:
  ca-bundle.crt: |
    -----BEGIN CERTIFICATE-----
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
    zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
    -----END CERTIFICATE-----
  registries.conf: |  
    unqualified-search-registries = ["registry.access.redhat.com", "docker.io"]
     [[registry]]
        prefix = ""
        location = "quay.io/openshift-release-dev/ocp-release"
        [[registry.mirror]]
          location = "registry.example.com:8443/openshift/release-images"
     [[registry]]
        prefix = ""
        location = "quay.io/openshift-release-dev/ocp-v4.0-art-dev"
        [[registry.mirror]]
          location = "registry.example.com:8443/openshift/release"
     [[registry]]
        prefix = ""
        location = "registry.redhat.io/multicluster-engine"
        [[registry.mirror]]
          location = "registry.example.com:8443/multicluster-engine"
EOF

# oc apply -f assisted-installer-mirror-config.yaml

# cat > agent-service-config.yaml <<EOF
apiVersion: metal3.io/v1alpha1
kind: Provisioning
metadata:
  name: provisioning-configuration
spec:
  provisioningNetwork: Disabled
  watchAllNamespaces: true

apiVersion: agent-install.openshift.io/v1beta1
kind: AgentServiceConfig
metadata:
 name: agent
spec:
  databaseStorage:
    accessModes:
    - ReadWriteOnce
    resources:
      requests:
        storage: 10G
  filesystemStorage:
    accessModes:
    - ReadWriteOnce
    resources:
      requests:
        storage: 100G
  imageStorage:
    accessModes:
    - ReadWriteOnce
    resources:
      requests:
        storage: 50G
  mirrorRegistryRef:
    name: assisted-installer-mirror-config
EOF

# oc apply -f agent-service-config.yaml

# oc edit ClusterImageSet/img4.12.11-x86-64-appsub
    visible: "true"

In ACM console, create a cluster with Host inventory > Standalone control plane > Use existing hosts

Infrastructure provider credential: comtech
Cluster name: west
Cluster set: default
Base domain: example.com
OpenShift version: 4.12.11

Check Install single node OpenShift (SNO) 

Click Next
Click Next
Click Save

An error occured

The Spec could not be synced due to backend error: failed to add release image 'quay.io/openshift-release-dev/ocp-release:4.12.11-x86_64'. Please ensure the releaseImage field in ClusterImageSet 'img4.12.11-x86-64-appsub' is valid (error: command 'oc adm release info -o template --template '{{.metadata.version}}' --insecure=false --icsp-file=/tmp/icsp-file2611984229 quay.io/openshift-release-dev/ocp-release:4.12.11-x86_64 --registry-config=/tmp/registry-config1111849766' exited with non-zero exit code 1: warning: --icsp-file only applies to images referenced by digest and will be ignored for tags error: unable to read image quay.io/openshift-release-dev/ocp-release:4.12.11-x86_64: Get "https://quay.io/v2/": x509: certificate signed by unknown authority ).
 

ACM assisted service could not get release image from a self-signed certificate registry, error with x509: certificate signed by unknown authority

ACM assisted service gets release image from self-signed certificate registry successfully