My CoAP Secure connection always disconnects when I use an X.509 certificate,
but the CoAP Secure connection succeeds when I use a PSK.
What did I get wrong in the CoAP Secure initialization for the X.509 certificate?
Env: nRF52840, nrfconnect 2.1.0, zephyr
The X.509 certificate data comes from /opt/nordic/ncs/v2.1.0/Modules/lib/openthread/src/cli/x509_cert_key.hpp
Server CoAP Secure initialization code:
/*
 * Server side: load the DTLS credentials for OpenThread CoAP Secure, register
 * the default handler and the two resources, then start the service on the
 * default CoAP Secure port. Exactly one credential type is compiled in,
 * selected by CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED.
 */
#if IS_ENABLED(CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
    /*
     * Pre-shared key credentials.
     * SECURITY: "123" / "mypskid" are hard-coded and trivially guessable; they
     * are only acceptable for bench testing. Provision a per-device random
     * key from protected storage before deployment.
     * sizeof() on a string literal counts the terminating NUL, so the key is
     * 4 bytes and the identity 8 bytes; the peer must use the same lengths.
     */
    otCoapSecureSetPsk(srv_context.ot,
                       "123", sizeof("123"),
                       "mypskid", sizeof("mypskid"));
#else
    /*
     * X.509 credentials: own certificate + private key, then the trusted CA.
     * SECURITY: presumably MY_OT_CLI_COAPS_* are copies of the OpenThread CLI
     * sample credentials; that private key is published in the source tree,
     * so it authenticates nobody. Use it for bring-up only.
     * NOTE(review): OpenThread documents these two calls as requiring the
     * ECDHE-ECDSA key exchange in the mbedTLS build (e.g.
     * CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED); this #else branch is
     * chosen only because PSK is disabled, so confirm the Kconfig.
     */
    otCoapSecureSetCertificate(srv_context.ot,
                               MY_OT_CLI_COAPS_X509_CERT,
                               sizeof(MY_OT_CLI_COAPS_X509_CERT),
                               MY_OT_CLI_COAPS_PRIV_KEY,
                               sizeof(MY_OT_CLI_COAPS_PRIV_KEY));
    otCoapSecureSetCaCertificateChain(srv_context.ot,
                                      MY_OT_CLI_COAPS_TRUSTED_ROOT_CERTIFICATE,
                                      sizeof(MY_OT_CLI_COAPS_TRUSTED_ROOT_CERTIFICATE));
#endif /* IS_ENABLED(CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) */

    /* true = verify the peer's certificate during the DTLS handshake. */
    otCoapSecureSetSslAuthMode(srv_context.ot, true);

    /* Requests that match no registered resource go to the default handler. */
    otCoapSecureSetDefaultHandler(srv_context.ot, coap_default_handler, NULL);
    otCoapSecureAddResource(srv_context.ot, &light_resource);
    otCoapSecureAddResource(srv_context.ot, &provisioning_resource);

    error = otCoapSecureStart(srv_context.ot, OT_DEFAULT_COAP_SECURE_PORT);
    if (error != OT_ERROR_NONE) {
#if IS_ENABLED(CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
        LOG_ERR("Failed to start OT CoAP Secure PSK. Error: %d", error);
#else
        LOG_ERR("Failed to start OT CoAP Secure X509. Error: %d", error);
#endif
        goto end;
    }
Client CoAP Secure initialization code:
/*
 * Client side: load the DTLS credentials for OpenThread CoAP Secure and start
 * the service on the default CoAP Secure port. The credential type follows
 * CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED and has to match the server build.
 */
#if IS_ENABLED(CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
    /*
     * Pre-shared key credentials.
     * SECURITY: hard-coded test key; replace with a provisioned secret.
     * sizeof() includes the terminating NUL of each literal, so both peers
     * must pass identical lengths for the handshake to agree on the key.
     */
    otCoapSecureSetPsk(m_otIntance,
                       "123", sizeof("123"),
                       "mypskid", sizeof("mypskid"));
#else
    /*
     * X.509 credentials: own certificate + private key, then the trusted CA.
     * NOTE(review): the macro names match the ones used for the server, so
     * both peers presumably present the same certificate and key; mutual
     * authentication then cannot tell the devices apart. Issue one key pair
     * per device for anything beyond bring-up.
     * NOTE(review): with peer verification enabled below, the handshake is
     * rejected if the peer certificate does not chain to this CA or fails
     * mbedTLS validity checks; the connect callback only reports a bool, so
     * the TLS/OpenThread logs are where the actual alert shows up.
     */
    otCoapSecureSetCertificate(m_otIntance,
                               MY_OT_CLI_COAPS_X509_CERT,
                               sizeof(MY_OT_CLI_COAPS_X509_CERT),
                               MY_OT_CLI_COAPS_PRIV_KEY,
                               sizeof(MY_OT_CLI_COAPS_PRIV_KEY));
    otCoapSecureSetCaCertificateChain(m_otIntance,
                                      MY_OT_CLI_COAPS_TRUSTED_ROOT_CERTIFICATE,
                                      sizeof(MY_OT_CLI_COAPS_TRUSTED_ROOT_CERTIFICATE));
#endif /* IS_ENABLED(CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) */

    /* true = verify the peer's certificate during the DTLS handshake. */
    otCoapSecureSetSslAuthMode(m_otIntance, true);

    error = otCoapSecureStart(m_otIntance, OT_DEFAULT_COAP_SECURE_PORT);
    if (error != OT_ERROR_NONE) {
#if IS_ENABLED(CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
        LOG_ERR("Failed to start OT CoAP Secure PSK. Error: %d", error);
#else
        LOG_ERR("Failed to start OT CoAP Secure X509. Error: %d", error);
#endif
        return;
    }
Client CoAP Secure connect:
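/**
 * Connection-state callback registered with otCoapSecureConnect().
 *
 * @param aConnected true once the DTLS session is established, false when the
 *                   session ends or the handshake does not complete.
 * @param aContext   Caller context given at connect time (NULL here, unused).
 *
 * The bool carries no failure reason; a handshake rejected during certificate
 * verification looks the same as a normal disconnect at this level.
 */
void CoapsHandleConnected(bool aConnected, void *aContext)
{
    ARG_UNUSED(aContext);

    if (aConnected) {
        LOG_INF("Connected");
    } else {
        LOG_INF("Disconnect");
    }
}

/**
 * Work handler that toggles the CoAP Secure session: starts a DTLS connection
 * to the hard-coded server address when none is active, otherwise tears the
 * current one down.
 *
 * @param item Work item (unused).
 */
static void send_provisioning_request(struct k_work *item)
{
    ARG_UNUSED(item);

    /* CoAP Secure */
    if (otCoapSecureIsConnectionActive(m_otIntance)) {
        otCoapSecureDisconnect(m_otIntance);
        return;
    }

    otError error;
    otSockAddr sockAddr = {0}; /* no indeterminate bytes reach the stack */

    error = otIp6AddressFromString("fdde:ad00:beef:0:b636:5398:5f11:85c4",
                                   &sockAddr.mAddress);
    if (error != OT_ERROR_NONE) {
        LOG_INF("otIp6AddressFromString error.");
        return;
    }
    sockAddr.mPort = OT_DEFAULT_COAP_SECURE_PORT;

    /*
     * otCoapSecureConnect() returns an otError; the original dropped it, so a
     * connect that never started was indistinguishable from a handshake that
     * failed later and surfaced through the callback.
     */
    error = otCoapSecureConnect(m_otIntance, &sockAddr, CoapsHandleConnected, NULL);
    if (error != OT_ERROR_NONE) {
        LOG_ERR("otCoapSecureConnect failed. Error: %d", error);
    }
}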