Description of problem:

Unsure how exactly this happened (and that's the main reason for opening the issue), but some hosts started returning this error when trying to fetch content:

 
Problem with the local SSL certificate for <URL OF REPO> [unable to set private key file: '/etc/pki/entitlement/6933328231652563686-key.pem' type PEM]
 

Further investigation showed that the entitlement certificate and the respective key are not a pair.

Removing the files and running `subscription-manager refresh` brings the same bad pair of files.

Running `subscription-manager refresh --force` brings a good pair of files.

Querying the database, we can see the cert and privatekey stored there are indeed wrong.

select encode(cert, 'escape') from cp_cont_access_cert where serial_id = '4273092091889370489' 

select encode(privatekey, 'escape') from cp_cont_access_cert where serial_id = '4273092091889370489'

The queries above can bring the private key and the base certificate. Their modulus don't match.