Q:
1: Have you tried pasting in via the cli?
2: Have you viewing the full certificate from the cli?
show full vpn certificate local
note: the above show command will show the private-key
3: next, you can copy the cert/private-key down and validate it with openssl
openssl x509 -noout -text -in ./cert
openssl rsa -noout -text -in ./key
note: make sure to extract the the lines with the data and created 2 files
( cert )
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
and
( key )
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
https://www.sslshopper.com/certificate-key-matcher.html
FWIW, in the past a host of problems exists with the webGUI methods and this has been fix iirc.