HTTPS Provisioning failing with Yealink T42S

Our PBX is hosted with a valid SSL certificate. Mapped extension to phone and pbx can see/ping the phone and push update requests. However, when the phone reboots, it seems the configuration isn’t downloading/being applied. I’ve verified that the phone has the correct provisioning server along with user ID/password. Currently both HTTP/HTTPS is allowed. Connecting through the HTTP port works, but not the HTTPS port.

I’ve added some BLF keys under the template to test with. Nothing changes on the phone. This phone is not on the same network as the PBX, it is outside.

Some yealink models and firmware versions don’t work with certain certificates. Let’s Encrypt had an issue with a batch of T28’s I was working on but not the T29’s’.