Fleet server install failed on fresh ELK stack 8.2.0

Hello, i have problem to install Fleet server on fresh ELK stack 8.2.0 (RHEL 8)
Elasticsearch and kibana working fine, but when tried to install fleet server (enroll agent as fleet server, based on provided instructions from Kibana UI and/or documentation), got response:

{"log.level":"error","@timestamp":"2022-05-11T14:15:43.732+0200","log.origin":{"file.name":"status/reporter.go","file.line":236},"message":"Elastic Agent status changed to: 'error'","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-05-11T14:15:43.732+0200","log.origin":{"file.name":"log/reporter.go","file.line":36},"message":"2022-05-11T14:15:43+02:00 - message: Application: fleet-server--8.2.0[]: State changed to FAILED: Error - Forbidden - type: 'ERROR' - sub_type: 'FAILED'","ecs.version":"1.6.0"}

firs time tried as Quick-start (self signed certificate, then used certificates signed by company internal CA, still same error

any ideas?
thank

Welcome @Peter_Bodnar !

Just to confirm the issue, does this work with the --insecure flag ?

Also have you checked the permissions on the certs ? that they are readable ?

yes, certs are readable
tried also with self signed certs, same error
tried with --insecure flag, same error

What command are you running on the command line ? Is it running with sudo privileges ?

it run as root user
command from kibana UI fleet server installation (agent installed form RPM, but it doesn't matter, same problem with agnet from tar.gz) :

 elastic-agent enroll --url=https://*IP*:8220 \
  --fleet-server-es=https://*IP*:9200 \
  --fleet-server-service-token=***token generathen within Kibana UI*** \
  --fleet-server-policy=0b8fb260-cf76-11ec-b411-0bb14ba68cb2 \
  --fleet-server-es-ca-trusted-fingerprint=6206ac54e5222f6c92dd5758c932298b837c12d3a4b6fdc0e51df9c32ffe82e5 \
  --certificate-authorities=<PATH_TO_CA> \
  --fleet-server-cert=<PATH_TO_FLEET_SERVER_CERT> \
  --fleet-server-cert-key=<PATH_TO_FLEET_SERVER_CERT_KEY>