CSCvo42254 - FPR2100/1000 - FDM does not allow to add CA signed cert for Management Web Server

bhhenderson
Level 1

I'm on 6.6.0 and I am getting this bug.

14 Replies

JohnHall55161
Level 1

How is this fixed? I am having this issue running 6.6.1.

I was trying to update my FTD from 7.0.4 to 7.2.5 and the upgrade was always failing with a Java error at about 38% and then reverting back. 

Eventually I discovered that the webserver certificate was expired. Trying to replace the certificate with a CA signed certificate is failing with "SSP server unavailable" error. 

Here is what I have done to fix this. These steps worked for me in both 7.0.4 and 7.2.4. You can't replace the webserver certificate with a CA-signed certificate, but you can replace it with a self-signed certificate generated on the Firepower itself.

1. ssh to your firepower (with FDM)

2. go to expert mode

3. sudo su

4. cd /etc/ssl

5. Generate the key and CSR:

openssl req -new -newkey rsa:2048 -nodes -keyout private.key -out firepower.csr

6. Sign the CSR with its own key to produce the self-signed certificate:

openssl x509 -req -days 825 -in firepower.csr -signkey private.key -out server.pem

7. Replace the certificate and private key in DefaultWebserverCertificate (Objects > Certificates in FDM) with the private.key and server.pem generated above. Run these on your Firepower and copy the output: cat /etc/ssl/private.key and cat /etc/ssl/server.pem respectively.

8. Restart the device. After this the upgrade will work.
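The self-signed workaround in the post above, collected into a script as an added example (editor's code, not the poster's or Cisco's). It assumes openssl is on PATH and uses a placeholder hostname and output directory; it adds two things a practitioner would want beyond the raw commands: an expiry check (the thread's upgrade failures trace back to an expired DefaultWebserverCertificate, so check before you upgrade) and a subjectAltName extension, since browsers ignore a bare CN.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes: openssl on PATH; the
# hostname and output directory are placeholders for your own device.
set -eu

# Return 0 if the PEM cert in $1 is still valid for at least $2 more days
# (default 0, i.e. "not expired right now"), else 1. Run this against
# /etc/ssl/server.pem before an upgrade: an expired web-server cert is the
# failure mode described in the thread.
cert_valid_for_days() {
    cert="$1"; days="${2:-0}"
    openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null 2>&1
}

# Generate private.key, firepower.csr and server.pem in $1 for hostname $2,
# valid for $3 days (825 as in the post). Same two openssl commands as
# steps 5 and 6, plus a SAN extension so browsers accept the hostname.
gen_self_signed() {
    outdir="$1"; cn="$2"; days="${3:-825}"
    mkdir -p "$outdir"
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$outdir/private.key" -out "$outdir/firepower.csr" \
        -subj "/CN=$cn" 2>/dev/null
    ext=$(mktemp)
    printf 'subjectAltName=DNS:%s\n' "$cn" > "$ext"
    openssl x509 -req -days "$days" -in "$outdir/firepower.csr" \
        -signkey "$outdir/private.key" -extfile "$ext" \
        -out "$outdir/server.pem" 2>/dev/null
    rm -f "$ext"
    # The key goes into FDM as a pasted object; keep the on-disk copy private.
    chmod 600 "$outdir/private.key"
}

# Print the subject CN of a PEM cert, to confirm the right cert was produced.
cert_cn() {
    openssl x509 -in "$1" -noout -subject | sed 's/.*CN *= *//'
}

# Usage (placeholders): generate into ./fdm-cert for ftd.example.com, then
# confirm it is good for at least 30 days before pasting it into FDM.
# gen_self_signed ./fdm-cert ftd.example.com 825
# cert_valid_for_days ./fdm-cert/server.pem 30 && echo "cert OK"
```

Paste the contents of private.key and server.pem into the DefaultWebserverCertificate object exactly as step 7 describes; the script only prepares the files.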

This worked for me. You saved me a lot of time and headache! Thank you!

How do I do step 7?
Step 8 is easy.  

In this video we take a look at how to generate a CSR using the FTD CLI and install a certificate using Firepower Device Manager (FDM). Website: www.networkwizkid.com

SSP Server Unavailable.
Attempted to edit DefaultWebserverCertificate per your instructions. Attempted to upload CER and keys to DefaultWebserverCertificate. Attempted to change DefaultWebserverCertificate.

Attempts were made after multiple reboots. Attempts were made after attempting to just restart http.

I have deregistered and reregistered the firewall with my account. I was able to update the DefaultInternalCertificate. Current version is 7.4.2.1-30. Default web certificate expired over 115 days ago.

Jose Anda
Level 1

I am importing several objects to FTD 1120 - 6.6.1-91 via API call and I am getting this error:

"statusMessage": "Configuration import failed at step of 'import objects'. Configuration import failed - SSP Server Unavailable\nSSP Server Unavailable",
"scheduleUuid": "d270b736-da16-11eb-9061-d98ad80b9753",
"diskFileName": "ftd1.txt",

travisr
Level 1

I'm running 6.7.0-65 and receiving it as well.

Cisco Firepower 1120 Threat Defense (78) Version 6.6.4 (Build 64)

I have the same "SSP Server Unavailable" when replacing the default cert.

dbullion
Level 1

Me Too!!! Anyone found a solution?

s.balon
Level 1

same for me on Cisco Firepower 2120 Threat Defense (77) Version 7.0.4 (Build 55)

TEST58
Level 1

I am having this issue on 7.0.1-84.


allenh
Level 1

Same with 7.2.4.1-43 managed by FDM, SSP Server Unavailable when updating "DefaultWebserverCertificate" 

Has anyone found a solution? 

See my solution above. Works on 7.2.4.