It appears the certificate used to auth the client has expired. Here's the line from repo file referencing it:
And here's that cert info (note the expiry date):
openssl x509 -noout -text -in /etc/pki/rhui/product/content-rhel8-eus.crt Certificate: Data: Version: 3 (0x2) Serial Number: 17 (0x11) Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, ST = Washington, L = Redmond, O = Microsoft, OU = Azure Validity Not Before: Feb 24 18:41:14 2021 GMT Not After : Feb 24 18:41:14 2023 GMT Subject: CN = Redhat Update Infrastructure (rhel8-eus-20210224), O = Azure, OU = Azure public
The fix is to install the repo update package with one time disable/enable of the other repos:
dnf update --disablerepo=* --enablerepo='*microsoft*' rhui-azure-rhel8-eus.
This will update the client cert and then the updates can be installed in usual way without resorting to hacks like the one above.
Oh, M$... (facepalm)
This solved it, you can also find the orignial answer to this by M$ here -> https://learn.microsoft.com/en-us/azure/virtual-machines/workloads/redhat/redhat-rhui#update-expired-rhui-client-certificate-on-a-vm