This sounds similar to Legacy algorithm for older servers - #3 by General_Louis
Did you use the 5.9x beta version at all before upgrading to 6.x? It seems like the app could be using the modern PFX encryption/signature algorithms instead of the standard “legacy” ones. I assuming you are using the PFX file and not converting to PEM etc.
Can you check that C:\ProgramData\Certify\appsettings.json has “UseModernPFXAlgs”: set to false?