Finally figured out the issue, and I’m embarrassed to admit it: I was trying to add the cert to the web server directly, when I needed to add it to the load balancer that was set up through Forge. Once I did that, it solved my problem.
Sorry for the runaround and headaches.