creating this post in the hopes of helping someone who might encounter this in the future 
current environment:
- OS: almalinux 10
- Using IP based shortlived ssl cert
- using fullchain.pem
encountered this after executing "dnf install pipx"
Error: Error downloading packages:
Curl error (60): SSL peer certificate or SSH remote key was not OK for https://mirrors.almalinux.org/mirrorlist/10/appstream [SSL certificate problem: unable to get local issuer certificate]
solution :
sudo yum update ca-certificates
sudo update-ca-trust extract
accdg to google
The issue can sometimes be caused by an outdated system CA trust store that doesn't include the necessary Let's Encrypt root certificates (like ISRG Root X1)