Add custom certificate to sign-in page fail

When trying to update my private key, certificate and certificate chain, OKTA is complaining that the certificate must be of 2048-bits in length, even though the documentation states that it can be up to 4096.

I’m using a letsencrypt-generated certificate and it’s a pain that I can’t simply update the existing certificate. This is causing users problems to users of my app who can no longer login to it.

https://developer.okta.com/docs/guides/custom-url-domain/enable-the-custom-domain/

Generating a LE certificate with 2048 bits works correctly

okta only supports 2048 bit keys for that at the moment
this is specified under caveats at Before you begin | Okta Developer