Hi @astrava,
Not really sure about the point you’re trying to make with the curl CLI output:)
We already know you set up a self signed cert and have no CA and that curl CLI will fail unless you pass -k.
The kaltura code base [and several of the sanity tests] does not use curl CLI but the PHP curl extension [since the entire server side is written in PHP]. The Admin Console and batch code checks the directives in admin.ini and batch.ini to determine whether to set the CURLOPT_SSL_VERIFYPEER option [the parallel of the CLI -k] to true or false but the sanity scripts do not support this option and so, they will fail.
In regards to letsencrypt, like I said, it will only work if the domain is accessible from www because certbot places a simple verification code in your docroot and then tries to access it from outside to make sure this domain is really mapped to the server you are running certbot from.