I tried to replicate that with a read-only user, but the "add certificate" (plus) button is disabled in that case, too. I couldn't make WinBox exhibit the symptom your screenshots show.
Until you get this fixed, can you work around it with
the equivalent CLI commands? If those also don't work, the resulting errors might be enlightening.
Incidentally, I'd recommend getting off SSTP. Being tied to the obsolete SSL 3.0 protocol, it's vulnerable to
the POODLE attack. Also, being firmly TCP-based, SSTP is subject to
TCP meltdown.
Switching to WireGuard would solve both problems: simple random Base64 strings to copy around instead of complicated self-signed X.509 certificates, and UDP transport.