so here is my test setup, I write something "hello world", created its hash, created signature of hash from private key, then using this openssl command, i can get same hash from which signature was generated
openssl rsautl -verify -inkey pubkey.pem -pubin -keyform PEM -in signature
Next I downloaded stackexchange.com public certificate, extracted signature from certificate, decrypted signature from CA (Let's Encrypt) public key, that is OK but result don't match hash of stackexchange public certificate. what I'm doing wrong?