ClientVPN Mutual Auth Server Cert missing domain name thus fails to work with ClientVPNEndpoint

0

I'd like to use the Mutual Auth option for Client VPN for a small startup I'm supporting. At this time AD or SAML 2.0 are not something they want to support due to the diverse team and contract task development. They would like to use Mutual Auth to keep it simple and quick. I've tried following the steps on Mutual authentication, yet every time I get a server cert that doesn't have a domain name. When attempting to use this cert in a CloudFormation template I get a deployment error as follows:

Certificate arn:aws:acm:us-east-1:123456789012:certificate/abc60e04-42bd-1122-b1af-9c8ba39445cf does not have a domain (Service: AmazonEC2; Status Code: 400; Error Code: InvalidParameterValue; Request ID: 36ceea5b-9dd0-46c8-9d4b-b2ab92ee90ad; Proxy: null

Trying to create the Client VPN Endpoint in the console doesn't even offer the server cert. I tried this in two different AWS accounts and followed the above steps several times, and each time I get the same result.

Another interesting observation: if a cert doesn't have a domain name, the cert will not show up when issuing the CLI command aws acm list-certificates either.

And yes, I tried making a vars file with the domain name, but that doesn't work to add a SAN to the cert; it does work to change the expiration of the cert, so I did confirm the vars file is processed when making the certs.

FWIW: I made this work about 9 months ago and something has changed that I have yet to figure out.

Thanks for the help.

1 answer
0
Accepted answer

In step 4 of the instructions, update the server hostname, i.e.

./easyrsa build-server-full server nopass

to a FQDN, e.g.

./easyrsa build-server-full server.domain.tld nopass

Then it appears in ACM and the VPN Endpoint configuration. I do believe you can use any domain name you wish. In Step 7, you do not need to import a Client Cert into ACM; just reference the Server Cert.

For any subsequent clients you create, ensure you use the same domain name as in Step 5.

I have provided feedback on the Documentation above too. Hopefully it will be adjusted.

Expert
Answered 2 months ago
  • I swear I tried this before and didn't get a domain name. I updated the script I developed to create the certs and store the values in Parameter Store, and today the cert has a FQDN. It appears the FQDN is required for the creation of the cert. As to the documentation, don't forget to update the script that does the cp commands to use the FQDN instead of server.crt/key.

    Thanks for the help.
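As an added example (not from the AWS documentation or the answer above), the following POSIX shell script runs the easy-rsa steps with a FQDN for both the server and client names, checks that the server certificate's CN actually carries a domain name before it is imported, and then imports it with the AWS CLI. It assumes easy-rsa, openssl and the aws CLI are installed; the domain vpn.example.com, the client name, the output directory and the region are placeholders.

```shell
#!/bin/sh
# Added example: easy-rsa steps for Client VPN mutual auth with a FQDN, plus a
# check that the server cert has a domain name before it goes into ACM.
# Assumptions: easy-rsa, openssl and the aws CLI are installed; the domain,
# client name, output directory and region are placeholders.
set -eu
EASYRSA="${EASYRSA:-./easyrsa}"
SERVER_FQDN="vpn.example.com"          # constructed placeholder FQDN
CLIENT_NAME="client1.vpn.example.com" # same domain as the server cert
OUT_DIR="${OUT_DIR:-./clientvpn-certs}"
REGION="us-east-1"

# Returns 0 when an openssl subject line has a CN containing a dot, which is
# what ACM needs to treat the certificate as having a domain name.
cn_has_domain() {
    cn=$(printf '%s\n' "$1" | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p')
    case "$cn" in
        *.*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Read the subject out of a PEM certificate and apply the check above.
cert_has_domain() {
    cn_has_domain "$(openssl x509 -in "$1" -noout -subject)"
}

generate_certs() {
    "$EASYRSA" init-pki
    "$EASYRSA" build-ca nopass
    "$EASYRSA" build-server-full "$SERVER_FQDN" nopass   # FQDN, not "server"
    "$EASYRSA" build-client-full "$CLIENT_NAME" nopass
    mkdir -p "$OUT_DIR"
    # The copy step must use the FQDN file names, not server.crt/server.key.
    cp pki/ca.crt "$OUT_DIR/"
    cp "pki/issued/$SERVER_FQDN.crt" "pki/private/$SERVER_FQDN.key" "$OUT_DIR/"
    cp "pki/issued/$CLIENT_NAME.crt" "pki/private/$CLIENT_NAME.key" "$OUT_DIR/"
}

# Refuse to import a server cert that ACM would reject for having no domain.
import_server_cert() {
    cert_has_domain "$OUT_DIR/$SERVER_FQDN.crt" || {
        echo "server certificate CN has no domain name" >&2; return 1; }
    aws acm import-certificate --region "$REGION" \
        --certificate "fileb://$OUT_DIR/$SERVER_FQDN.crt" \
        --private-key "fileb://$OUT_DIR/$SERVER_FQDN.key" \
        --certificate-chain "fileb://$OUT_DIR/ca.crt"
}
# Usage: generate_certs && import_server_cert
```

Only the server certificate needs to go into ACM; the client certificate and key stay with the client configuration, as the answer says.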
