Failed to connect to Ignition OPC-UA server using Sign And Encrypt mechanism via Python OPC-UA client

It looks like the most recent error in the logs doesn’t have anything to do with certificates now:

E [o.e.m.o.s.s.t.u.UascServerAsymmetricHandler] [12:54:16]: Error installing security token: StatusCode{name=Bad_SecurityChecksFailed, value=0x80130000, quality=bad} 
org.eclipse.milo.opcua.stack.core.UaException: no matching endpoint found: transportProfile=TCP_UASC_UABINARY, endpointUrl=opc.tcp://192.168.47.128:62541/discovery, securityPolicy=Basic256Sha256, securityMode=SignAndEncrypt
 	at org.eclipse.milo.opcua.stack.server.transport.uasc.UascServerAsymmetricHandler.lambda$openSecureChannel$3(UascServerAsymmetricHandler.java:397)
 	at java.base/java.util.Optional.orElseThrow(Unknown Source)
 	at org.eclipse.milo.opcua.stack.server.transport.uasc.UascServerAsymmetricHandler.openSecureChannel(UascServerAsymmetricHandler.java:387)
 	at org.eclipse.milo.opcua.stack.server.transport.uasc.UascServerAsymmetricHandler.lambda$sendOpenSecureChannelResponse$1(UascServerAsymmetricHandler.java:298)
 	at org.eclipse.milo.opcua.stack.core.channel.SerializationQueue.lambda$encode$0(SerializationQueue.java:52)
 	at org.eclipse.milo.opcua.stack.core.util.ExecutionQueue$Task.run(ExecutionQueue.java:119)
 	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
 	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
 	at java.base/java.lang.Thread.run(Unknown Source)

This means your client is trying to open a secure channel at the discovery endpoint (opc.tcp://192.168.47.128:62541/discovery), not the session endpoint (opc.tcp://192.168.47.128:62541).

These are 2 separate endpoints. The discovery endpoint offers unsecured discovery services. The session endpoint, by default, requires security for any connection and offers both discovery and the regular session services.

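A small diagnostic for the error discussed above, added here as an example and not code from the post, Ignition or Milo: it parses the "no matching endpoint found" log line and checks the requested URL, policy and mode against an endpoint table. The table is constructed from the post's description of the two endpoints, `parse_request`, `normalize` and `diagnose` are hypothetical helper names, and the matching rule is a simplified model rather than Milo's implementation.

```python
import re
from urllib.parse import urlsplit

# Log line copied from the post above.
LOG_LINE = ("org.eclipse.milo.opcua.stack.core.UaException: no matching endpoint found: "
            "transportProfile=TCP_UASC_UABINARY, "
            "endpointUrl=opc.tcp://192.168.47.128:62541/discovery, "
            "securityPolicy=Basic256Sha256, securityMode=SignAndEncrypt")

# Constructed endpoint table (assumption): models the post's description,
# it is not a dump from a real gateway.
ENDPOINTS = [
    {"endpointUrl": "opc.tcp://192.168.47.128:62541/discovery",
     "securityPolicy": "None", "securityMode": "None"},
    {"endpointUrl": "opc.tcp://192.168.47.128:62541",
     "securityPolicy": "Basic256Sha256", "securityMode": "SignAndEncrypt"},
]

def parse_request(line):
    """Extract the key=value fields printed after 'no matching endpoint found:'."""
    _, sep, tail = line.partition("no matching endpoint found:")
    if not sep:
        return None
    return dict(re.findall(r"(\w+)=([^,\s]+)", tail))

def normalize(url):
    """Compare URLs ignoring scheme/host case and a trailing slash."""
    p = urlsplit(url)
    return (p.scheme.lower(), p.netloc.lower(), p.path.rstrip("/"))

def diagnose(req, endpoints):
    """Return (verdict, suggested_url) for a parsed secure-channel request."""
    def same_security(ep):
        return (ep["securityPolicy"] == req["securityPolicy"]
                and ep["securityMode"] == req["securityMode"])
    def same_url(ep):
        return normalize(ep["endpointUrl"]) == normalize(req["endpointUrl"])
    if any(same_url(ep) and same_security(ep) for ep in endpoints):
        return ("match", None)
    # Requested security is offered, but at a different URL than the client used.
    for ep in endpoints:
        if same_security(ep):
            return ("wrong_url", ep["endpointUrl"])
    return ("unsupported_security", None)

if __name__ == "__main__":
    print(diagnose(parse_request(LOG_LINE), ENDPOINTS))
```
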