When you acquire a certificate from a signed authority, make sure you download the appropriate certificate for the NGINXweb server.
Upload .crt file along with the private key which you got while generating CSR.
Make sure .crt have proper chain intact RootCA-Intermeidate CA-Singed certificate. If certificate is singed directly by root CA then we dont have intermediate CA in chain.
Try upload .crt file, if that does not work, check if chain is intact if not extract ca-bundle file which contian all the root and intermediate CA certiifcate details. Copy each file and paste in order in notepad, once done save the file in .crt or .pem format and upload.
Regards,
Pavan
If my post address your query give kudos:)