Cannot configure cert-nickname in 5.2022.5

I have installed 5.2022.5 Community Edition under Ubuntu Linux v22.04. The default installation was working fine, but I wanted to upgrade the security certificate to one generated specifically for my domain rather than use the one provided with Payara, which requires the user to grant an exception in their browser. I followed the instructions on this page and everything was working fine until I got to the last step of updating the HTTP listener. Instead of success, I got the errors shown below, and now my installation is toast - I cannot do anything, including accessing the admin utility. I’m looking for a way forward other than blowing away my Payara installation and reinstalling and not proceeding with installing a new security certificate until I can find some different instructions.

/opt/payara5/bin/asadmin set configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.cert-nickname=mydomain_certificate
NCLS-ADMIN-00010
javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
Command set failed.

I tried simply doing a brute force substitution in domain.xml, changing the default cert-nickname (“s1as”) to the nickname of my new certificate. However, my Payara installation remained toasted. Luckily I was able to figure out how to use keytool to remove the (bad?) certificates from keystore.jks and cacerts.jks and restore a backup copy of domain.xml and I’m back in business. I’m thinking that the SSL business is a bit of a black art that requires a professional to actually get it working, so I probably won’t try again until I have someone with the needed expertise handy.