Because ca.cer is not a CA Root certificate. It is an Intermediate. Perhaps poor filename choice on acme.sh's part but that's what it is.
openssl verify is tricky to use correctly. See: How to verify LE cert using openssl? - #2 by _az
But, based on the error message it sounds like an outbound connection from your Foreman server install is failing. Usually your system has a set of trusted CA Roots already installed. Sounds like your Foreman does not. Or, less likely, is in a location not available to acme.sh (which uses curl I believe).
Are you trying to run acme.sh from the Foreman server install? If so, what does this show from same command prompt you started that install?
curl https://acme-v02.api.letsencrypt.org/directory