Importing certificates into MacOS Server

Yeah, I know this is antique software. But we use it to run a shared household calendar server on an antique Mini running Sierra (the last release Server runs on), and it still works fine. Maybe a fellow antique user can help me out.

I spent like six hours tonight trying to generate a formal (not self-signed) security certificate from Let's Encrypt. (The calendar server is open to the Internet because we use it while on the road.) Much time wasted because the process needed brew, brew no longer works on Sierra, etc., etc. Finally ran the certificate generation process from a more modern machine, and copied the resulting files over to the old Mini. This ---> <--- close to success, right?

I can't get Server to import the private key.

When I drag the "privkey1.pem" file into the box that says "Drag a file containing your private key here," I get an error dialog box saying that the contents are unrecognizable. It surely looks well-formed to me in Text Edit.

Do I perhaps have a suffix issue? I see a lot of hints on the web that talk about installing files to OS Server that end in .crt and .p12 . I did notice that although Server doesn't outright reject the other three files, it bundles them in as "extra non-identity certificates" and doesn't recognize the public certificate file for what it is.

As a test, I dragged all these files into Keychain Access. The cert1.pem file seemed to create a well-formed certificate, and the other two at least weren't rejected, though I'm not sure where they went, if anywhere... but the privkey1.pem file got rejected. For giggles, I exported the certificate, which created a .crt file (hm!). I tried feeding that into Server, but it stuck it under "extra non-identity certificates" again.

I'm bumfuzzled, bleary-eyed, and going to bed.

Appreciate any assistance.