If your certificate doesn't match the current private key, or is
miss formatted etc, then you may loose connection to this page
when you press 'save changes', instead use the non ssl admin port:
http://your.server:7026, examine mail.err for the cause,
remove ssl/surge_cert.pem and restart surgemail to recreate a
working unsigned certificate!
You can install your certificate manually by replacing the file
ssl/surge_cert.pem and place the intermediate certifictes in surge_chain.pem then restart surgemail.
If your certificate was created from a different private key then
also replace ssl/surge_priv.pem. If your certificate is
faulty in any way ssl will not work, in that case examine mail.err
to find the cause, and remove surge_cert.pem and restart surgemail
to recreate an unsigned but working certificate.
Lets encrypt is a free service to create SSL certificates automatically and update them each month, to use it see the instructions here.