To configure an automated SSL certificate in FortiClient EMS: Go to System Settings > EMS Settings. Ensure that Remote HTTPS access and Redirect HTTP request to HTTPS are enabled. Externally access EMS via ports 80 and 443 is possible using the configured fully qualified domain name (FQDN). In the SSL certificate field, click the Import SSL certificate button. Select Automated. In the Domain field, enter the EMS FQDN. For the Let's Encrypt server to issue the certificate, the public DNS server must resolve the EMS FQDN to the EMS public IP address. In the Email field, enter a valid email address. If desired, enable Auto Renew. When Auto Renew is enabled, FortiClient EMS automatically renews the certificate before expiry. Select the checkbox to agree to Let's Encrypt's terms of service. Click Import. To manually upload an SSL certificate in FortiClient EMS: Go to System Settings > EMS Settings. In the SSL certificate field, click the Import SSL certificate button. Select Upload. In the Certificate field, browse to and select the desired certificate. In the Certificate Password field, configure the desired password for the certificate. Click Upload.
Are you trying to setup FGT<>EMS Cloud fabric connector? For EMS Cloud, both FGT S/N and EMS Cloud must be registered under the same FortiCloud account to form a connector. I'd advise to raise a ticket to TAC for them to check for you.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.