On PowerShell 7.4, I have this code that works on a Windows 10 desktop, but when I port it to a Windows 2012 or 2020 server, also running PowerShell 7.4, I get the error "Authentication failed because the platform does not support ephemeral keys.".
$callback = {
    param(
        $sender,
        [System.Security.Cryptography.X509Certificates.X509Certificate]$certificate,
        [System.Security.Cryptography.X509Certificates.X509Chain]$chain,
        [System.Net.Security.SslPolicyErrors]$sslPolicyErrors
    )
    # No need to retype this long type name
    $CertificateType = [System.Security.Cryptography.X509Certificates.X509Certificate2]
    # Read the CA cert from file
    $CACert = $CertificateType::CreateFromCertFile("G:\cacert.pem") -as $CertificateType
    # Add the CA cert from the file to the ExtraStore on the Chain object
    $null = $chain.ChainPolicy.ExtraStore.Add($CACert)
    # Return the result of chain validation
    return $chain.Build($certificate)
}
# Assign your delegate to the ServicePointManager callback
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = $callback
$certpath = "G:\"
$pemcertfile = $certpath + "cert.pem"
$pemkeyfile = $certpath + "cert.key"
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::CreateFromPemFile($pemcertfile, $pemkeyfile)
$uri = "https://someurl"
$response = Invoke-WebRequest -Uri $uri -UseBasicParsing -Certificate $cert -Method Post
$jresponse = ($response.Content | ConvertFrom-Json)
I read that this is because Windows prefers to store certs in the cert store. So I imported the p12 certificate into the cert store and replaced
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::CreateFromPemFile($pemcertfile, $pemkeyfile)
with
$cert = Get-ChildItem Cert:\LocalMachine\My\* | Where-Object { $_.Subject -match "mycert"}
This time around, I get this error:
System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
---> System.ComponentModel.Win32Exception (0x8009030D): The credentials supplied to the package were not recognized
Any advice?
PS. We need to supply the root chain cert to the URL for authentication.
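The workaround that the .NET documentation gives for this ephemeral-key error on Windows is to round-trip the PEM-loaded certificate through PKCS#12 in memory so the private key gets a real key container before SChannel sees it. Below is an added example of that, written for this question and not the asker's own code; it assumes the same file paths and URL as the question and that the private CA from cacert.pem is trusted by the machine separately.

```powershell
# Added example, not the asker's code. Assumes the paths and URL from the
# question (G:\cert.pem, G:\cert.key, G:\cacert.pem, https://someurl).
$pemCertFile = 'G:\cert.pem'
$pemKeyFile  = 'G:\cert.key'
$uri         = 'https://someurl'

function Get-PersistedClientCertificate {
    param([string]$CertFile, [string]$KeyFile)

    # CreateFromPemFile attaches the private key as an ephemeral (memory-only)
    # key. Windows' TLS stack (SChannel) cannot use such keys for client auth,
    # which is what "the platform does not support ephemeral keys" reports.
    $ephemeral = [System.Security.Cryptography.X509Certificates.X509Certificate2]::CreateFromPemFile($CertFile, $KeyFile)

    # Round-trip through PKCS#12 in memory. Re-importing the PFX bytes gives the
    # private key a key container that SChannel can reference. The password only
    # protects the in-memory blob; nothing is written to disk or to a cert store.
    $pfxPassword = [System.Guid]::NewGuid().ToString('N')
    $pfxBytes = $ephemeral.Export(
        [System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12,
        $pfxPassword)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        $pfxBytes,
        $pfxPassword,
        [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
    $ephemeral.Dispose()

    # Sanity check. This is also the first thing to verify when a store-backed
    # certificate fails with 0x8009030D: that error usually means the private
    # key is absent or not readable by the account running the script.
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $($cert.Thumbprint) has no usable private key."
    }
    return $cert
}

$cert = Get-PersistedClientCertificate -CertFile $pemCertFile -KeyFile $pemKeyFile

# Trust of the server's private CA is a separate concern from the client cert.
# PowerShell 7's Invoke-WebRequest is built on HttpClient, which does not consult
# ServicePointManager.ServerCertificateValidationCallback, so cacert.pem is
# assumed here to be trusted machine-wide (e.g. imported into LocalMachine\Root).
$response  = Invoke-WebRequest -Uri $uri -Certificate $cert -Method Post
$jresponse = $response.Content | ConvertFrom-Json
```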