Without ca-certificates your panel cannot be behind a LetsEncrypt certificate, sftp reaches out to the API on the panel, so without this it cannot validate your sftp credentials.
Further, the sftp server simply rejects your auth details and provides no details on why it failed.
I no longer support the golang based sftp-daemon. However, changes you have stated would be added to the golang daemon in the next release as that is a potential issue.
Without ca-certificates your panel cannot be behind a LetsEncrypt certificate, sftp reaches out to the API on the panel, so without this it cannot validate your sftp credentials.
Further, the sftp server simply rejects your auth details and provides no details on why it failed.