Hi,
Thank you for the detailed description and the screenshots. For the CMG certificate, we may have a few things to check: for example, the purpose should contain server authentication, the service name, the deployment name, etc.
For the requirement, we may read through this article.
https://learn.microsoft.com/en-in/mem/configmgr/core/clients/manage/cmg/server-auth-cert
Here's also a nice video from a former Sr PFE at Microsoft, and we can follow it step by step to check whether we missed anything.
https://setupconfigmgr.com/how-to-setup-cloud-management-gateway-cmg-in-microsoft-sccm
Note: this is just for your reference.
Hope the above information helps.
Alex