Running the keytool -list -keystore CCC.keystore -v command verifies the certificates validity and it's a copy of a wildcard cert used on other resources without error.
Sure, first of all it seems that you're trying Metabase Enterprise. We provide support for testers of the Enteprise edition if needed.
Regarding this issue: which domain you generated the certificate for and why are you using an IP address to connect to Metabase instead of a hostname?
I would strongly suggest that you do this with a reverse proxy rather than using JETTY directly to do SSL termination (the reverse proxy is faster, you can do HTTP/2, and you don't use the precious resources of Metabase for encrypting/decrypting traffic)
here's a docker-compose of the solution I would do in your case: