Hi,
By default the modern algorithms should be disabled in the current version - were you previously using a beta version (5.9.x)? We later found that some older windows servers couldn’t use the modern settings either.
If you open C:\ProgramData\certify\appsettings.json in an editor is "UseModernPFXAlgs": false ? If true, set it back to false and re-request your certificate.
If it’s set to false already, it could be that the app doesn’t like the EC 256 private key type we now use by default, in which case edit Certificate > Advanced > Signing & Security and change the key type to RSA 2048, then request your certificate again.