@sorvani Thank you for battling this for … years. I had an issue come up where soft phones no longer registered to pjsip over tls using certman managed letsencrypt certs but if I did my own thing with acme.sh or straight certbot they worked fine.
I found your thread here and figured I might try
sed -i 's/4096/2048/g' /var/www/html/admin/modules/certman/vendor/analogic/lescript/Lescript.php
just to see if it makes any difference and it did!