Description | This article describes key pair mismatch for local certificates. |
Scope | FortiOS. |
Solution |
If the CSR was not generated on the FortiGate, the private key is needed along with its password. If this is missing, an error about a key pair mismatch appears.
A private key is required to import a server certificate on any appliance. The 'Local Certificate' import method requires the CSR (Certificate Signing Request) to be generated on the FortiGate side (so the private key is held on the FortiGate), and the CSR must then be signed by a public CA.
If the CSR was not generated on the FortiGate, enter the password that was used to encrypt the key file when it was generated or exported. This password protects the private key associated with the certificate. If the CSR was generated on the FortiGate, enter the password that was set while generating the CSR.
There are two methods for importing:
Also verify the encoding of the CSR, shown in the bottom right. If it says UTF-8-BOM, change it to UTF-8. Save the file and try again. |
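Before importing a certificate whose CSR was generated elsewhere, the two conditions described above (the key belongs to the certificate, and the file is not UTF-8-BOM) can be checked on a workstation. The script below is an added example, not Fortinet tooling; it assumes the openssl CLI is installed, and the function names and the KEY_PASS variable are hypothetical.

```shell
#!/bin/sh
# Added example: pre-import checks for a certificate and its private key.
# Assumes the openssl CLI is installed; function names are hypothetical.

# has_bom FILE: succeed if FILE starts with the UTF-8 BOM bytes EF BB BF.
has_bom() {
    [ "$(head -c 3 "$1" | od -An -tx1 | tr -d ' \n')" = "efbbbf" ]
}

# strip_bom FILE: print FILE to stdout without a leading BOM.
strip_bom() {
    if has_bom "$1"; then tail -c +4 "$1"; else cat "$1"; fi
}

# check_pair CERT KEY: print "match" (exit 0) or "mismatch" (exit 1);
# exit 2 if either file cannot be parsed. For an encrypted key, put the
# password in the KEY_PASS environment variable rather than on the
# command line, where it would show up in the process list.
check_pair() {
    cert=$1
    key=$2
    for f in "$cert" "$key"; do
        if has_bom "$f"; then
            echo "warning: $f is UTF-8-BOM; re-save it as UTF-8" >&2
        fi
    done
    # Public key embedded in the certificate.
    cert_pub=$(strip_bom "$cert" | openssl x509 -noout -pubkey 2>/dev/null) || {
        echo "error: cannot parse certificate $cert" >&2; return 2; }
    # Public key derived from the private key.
    key_pub=$(strip_bom "$key" | KEY_PASS="${KEY_PASS-}" \
        openssl pkey -pubout -passin env:KEY_PASS 2>/dev/null) || {
        echo "error: cannot read key $key (wrong or missing password?)" >&2
        return 2; }
    if [ "$cert_pub" = "$key_pub" ]; then
        echo "match"
    else
        echo "mismatch"
        return 1
    fi
}

if [ $# -eq 2 ]; then check_pair "$1" "$2"; fi
```

A "mismatch" result means the certificate was issued for a different key than the one supplied, which is the condition the import error reports.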