Description of problem:

There is a piece of missing information, which apparently is required to complete the steps for replacing default ingress certificates:
 
https://docs.openshift.com/container-platform/4.12/security/certificates/replacing-default-ingress-certificate.html
 
According to the Customer:

The documentation says this: "The certificate file can contain one or more certificates in a chain. The wildcard certificate must be the first certificate in the file. It can then be followed with any intermediate certificates, and the file should end with the root CA certificate."
 
We followed the instructions and applied the new certificate, and the new cert was applied to the router successfully. However, we ran into this issue and fix related to the Authentication operator: https://access.redhat.com/solutions/6984698 Which basically told us to add an additional 'carriage return' at the end of the certificate file that was applied to the ingress secret. Once we added the carriage return and applied the new secret, everything started working.
 
This requirement of a final 'carriage return' should be documented in the normal documentation and not only in a KB article, or this issue should be patched as a bug.