The Link Shortening and Click Tracking features of Twilio require a specific format for private keys, with PKCS #8 being the only supported format. Users may experience errors if their private key is in the wrong format or syntax, and manual editing of the key can be challenging. Converting a PKCS #12 private key to a PKCS #8 private key requires using OpenSSL tools, such as `openssl pkcs12 -in {input PKCS #12 file} -nocerts -nodes -out privkey.pem` followed by `openSSL pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in {input PKCS #12 file} -out {output PKCS #8 file}`. Additionally, users must ensure that their certificate has an explicitly defined domain name and not rely on wildcard certificates or Subject Alternative Names, as these can cause errors during upload. The TLS certificate and private key must be in PEM format to upload properly, and AWS ACM cannot export private keys, which limits its compatibility with Twilio's Link Shortening and Click Tracking offerings.