VPN
modcode, 2022-04-04 11:56:43

Why won't IKEv2 connect on MikroTik?

My RouterOS version is 6.48, but I can update it if necessary.
I followed these instructions step by step:
https://support.surfshark.com/hc/en-us/articles/36...

But the VPN doesn't connect; the internet works.

Can you help me find out where my mistake is?


2 answer(s)
AlexVWill, 2022-04-04
@AlexVWill

I don't know what's wrong in your case (you didn't give the logs, didn't say what you did yourself, and didn't write the error, and the telepaths are all on vacation), but most often people make mistakes in the settings of authorization mechanisms and encryption protocols.
Let's say you imported the certificate correctly, and the IP and login/password were also set up correctly (check just in case)...
Then run this command on the server:
sudo cat /etc/ipsec.conf
and look at the last lines; they will be something like this:


eap_identity=%identity
ike=chacha20poly1305-sha512-curve25519-prfsha512,aes256gcm16-sha384-prfsha384-ecp384,aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!
esp=chacha20poly1305-sha512,aes256gcm16-ecp384,aes256-sha256,aes256-sha1,3des-sha1!

Go to Winbox and in IP->IPSec->Proposals check whether there are any encryption methods that the server does not support; leave some minimum that the server supports, for example:
sha1, sha256, aes-128 cbc, aes-192 cbc, aes-256 cbc, modp1024.
In IP->IPSec->Peers, check that IKE2 is set.
In IP->IPSec->Identities, check MS-CHAP 2.0 and the EAP authentication method.
IP->IPSec->Profiles, check 3des
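
The comparison described in the answer above, as an added example that is not part of the original post: it parses the ike= and esp= lines quoted there and lists which server proposals a client restricted to the suggested minimum could negotiate. The CLIENT set (the answer's list rewritten as strongSwan keywords), the LEGACY set and all function names are assumptions of this example.

```python
# Proposal strings copied from the ipsec.conf excerpt quoted in the answer.
IKE = ("chacha20poly1305-sha512-curve25519-prfsha512,"
       "aes256gcm16-sha384-prfsha384-ecp384,aes256-sha1-modp1024,"
       "aes128-sha1-modp1024,3des-sha1-modp1024!")
ESP = ("chacha20poly1305-sha512,aes256gcm16-ecp384,aes256-sha256,"
       "aes256-sha1,3des-sha1!")

# Assumption: the answer's minimal Winbox list written as strongSwan keywords.
CLIENT = {"aes128", "aes192", "aes256", "sha1", "sha256", "modp1024"}
# Assumption: algorithms this example chooses to report as legacy.
LEGACY = {"3des", "modp1024"}


def parse(line):
    """Return (strict, proposals); a trailing '!' marks a strict list."""
    line = line.strip()
    body = line.rstrip("!")
    props = [p.strip().lower().split("-") for p in body.split(",") if p.strip()]
    return line.endswith("!"), props


def negotiable(line, client):
    """Return (strict, proposals whose every transform the client offers)."""
    strict, proposals = parse(line)
    result = []
    for prop in proposals:
        # Assumption: the client has no separate PRF setting, so a keyword
        # such as prfsha384 is treated as requiring sha384.
        needed = {t[3:] if t.startswith("prf") else t for t in prop}
        if needed <= client:
            result.append("-".join(prop))
    return strict, result


def report(name, line, client):
    """One summary line per ipsec.conf setting."""
    strict, ok = negotiable(line, client)
    legacy = sorted({t for p in ok for t in p.split("-")} & LEGACY)
    if ok:
        verdict = ", ".join(ok)
    else:
        verdict = "NO COMMON PROPOSAL" + (" (server is strict)" if strict else "")
    return f"{name}: {verdict}" + (f" [legacy: {', '.join(legacy)}]" if legacy else "")


if __name__ == "__main__":
    print(report("ike", IKE, CLIENT))
    print(report("esp", ESP, CLIENT))
    # A client without sha1 matches none of the IKE proposals above.
    print(report("ike", IKE, {"aes256", "sha256", "modp1024"}))
```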

CityCat4, 2022-04-04
@CityCat4

The telepaths are on vacation. Where are the logs, Zin? On MikroTik, the IPsec logs are notable for their downright senile level of detail...
