I had a quick look at this script and it seems that it is not including the Apple WWDR Certificate.
Download the WWDR certificate and convert it to PEM format:
openssl x509 -inform der -in AppleWWDRCA.cer -out AppleWWDRCA.pem
then try adjusting line 61 of the script to include it in the signature:
openssl smime -binary -sign -signer certificate.pem -inkey key.pem -passin pass:simplepassword -in "$2/manifest.json" -out "$2/signature" -outform DER -certfile "/path_to/AppleWWDRCA.pem"