Gitlab Pages custom domain import internal certificate fail

Gitlab 18.2.5 on Debian 13 (until trixie release version).

Configured Gitlab Pages with wildcard TLS support using own subdomain as *.subdomain1.example.com. Gitlab Pages external url is subdomain1.example.io

There is problem when configuring custom domain for the first project using PAGES with forced HTTPS. Importing commercial CA wildcard crt + intermediate for *.example.com (3 levels) is successful. Importing internal CA wildcard crt + intermediate for *.subdomain2.example.io (4 levels) fails with error

Certificate certificate has expired Certificate misses intermediates

Tried import with all those combinations:

1. crt + intermediate

2. crt + empty row + intermediate

3. crt + intermediate + root

4. crt + empty row + intermediate + empty row + root

…etc

Internal certificate is widely used and not expired - tested multiple subdomains. Can somebody confirm that internal certificate for 4 levels domain works? Or what certificate order is needed?