Downloaded client configuration file does not work as is


A client VPN certificate expired. I created a new endpoint. I downloaded the file.

CONTENTS:

client
dev tun
proto udp
remote ENDPOINT-URL.clientvpn.us-east-1.amazonaws.com 443
remote-random-hostname
resolv-retry infinite
nobind
remote-cert-tls server
cipher AES-256-GCM
verb 3
<ca>
-----BEGIN CERTIFICATE-----
CERT-VALUE
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
CERT-VALUE
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
CERT-VALUE
-----END CERTIFICATE-----
</ca>


reneg-sec 0

verify-x509-name PRIVATE-URL name

This format is NOT the same as the previous certificate.

It has no <cert /> or <key /> sections and it has the odd line at the end.

Tried as is, it fails to create the profile in ClientVPN. The config should have either cert and key, auth-user-pass or auth-federate specified.

I modified line 4 to have the random value asdf. at the beginning. It still fails to create the profile with the same error.

I modified the file further to surround the first CERT-VALUE with <ca />, the second with <cert />, and the last with <key />. I also removed the last line of the file. I could now create the profile.

Upon connection, I get: "The VPN process failed to start. The port is already in use by another process." It is not, as this is a documented misidentification that points at the config file for errors.

I am not sure where to go from here.

EDIT:
My OS: Mac
My VPN: AWS ClientVPN

Another user who gets the same errors: OS: Windows, VPN: OpenVPN

Also, I've verified the file encoding is UTF-8.

tazbill
asked 9 months ago, 427 views
1 Answer

There is a Client VPN troubleshooting guide for all common errors. If the original error was "The config should have either cert and key, auth-user-pass or auth-federate specified.", I assume one of your authentication methods is mutual. For mutual authentication you need to manually add the client certificate and key information to the configuration file. They can usually be found in the .crt and .key files. You do not need to modify what is between the <ca> </ca> tags because it is not your client certificate and key.

AWS
Max
answered 9 months ago
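The step the answer describes, appending `<cert>` and `<key>` sections from the client .crt and .key files while leaving the downloaded `<ca>` block and the trailing verify-x509-name line untouched, as an added example that is not from the re:Post thread or from AWS. The PEM contents below are constructed placeholders, not real certificates or keys.

```python
import re

# Matches one PEM block; easy-rsa .crt files often carry a human-readable
# dump before the PEM, so only the PEM itself is embedded into the profile.
PEM_RE = re.compile(r"-----BEGIN [A-Z ]+-----.*?-----END [A-Z ]+-----", re.S)

# Constructed sample input shaped like the downloaded AWS Client VPN profile.
SAMPLE_BASE = """client
dev tun
proto udp
remote ENDPOINT-URL.clientvpn.us-east-1.amazonaws.com 443
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
CA-PLACEHOLDER
-----END CERTIFICATE-----
</ca>
reneg-sec 0
verify-x509-name PRIVATE-URL name
"""
SAMPLE_CRT = "-----BEGIN CERTIFICATE-----\nCLIENT-CERT-PLACEHOLDER\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\nCLIENT-KEY-PLACEHOLDER\n-----END PRIVATE KEY-----\n"


def has_auth_method(config):
    """Mirror the client's check: cert+key, auth-user-pass or auth-federate."""
    has_cert_key = "<cert>" in config and "<key>" in config
    return has_cert_key or bool(re.search(r"^(auth-user-pass|auth-federate)\b", config, re.M))


def merge_client_vpn_config(base_config, client_cert_pem, client_key_pem):
    """Return a mutual-auth .ovpn: the downloaded profile plus <cert>/<key>."""
    if "<ca>" not in base_config or "</ca>" not in base_config:
        raise ValueError("downloaded config is missing its <ca> section")
    if "<cert>" in base_config or "<key>" in base_config:
        raise ValueError("config already carries client cert/key sections")
    certs = PEM_RE.findall(client_cert_pem)
    keys = PEM_RE.findall(client_key_pem)
    if len(certs) != 1 or "CERTIFICATE" not in certs[0]:
        raise ValueError("client .crt must hold exactly one certificate")
    if len(keys) != 1 or "PRIVATE KEY" not in keys[0]:
        raise ValueError("client .key must hold exactly one private key")
    # Append after the existing directives; nothing in the base file is edited.
    return (base_config.rstrip("\n") + "\n<cert>\n" + certs[0] + "\n</cert>\n"
            "<key>\n" + keys[0] + "\n</key>\n")


if __name__ == "__main__":
    merged = merge_client_vpn_config(SAMPLE_BASE, SAMPLE_CRT, SAMPLE_KEY)
    print(merged)
    print("auth method present:", has_auth_method(merged))
```

Write the returned text to a new .ovpn file and import that into the client; the .key file is a credential, so keep the merged profile with the same file permissions you would give the key itself.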
