Playbook
SSL and Certificates Playbook
Certificate installation and troubleshooting sequence for Node.js and Linux services.
Use this when handling TLS renewals or handshake failures.
Preflight
- Match private key to certificate
- Verify chain file order
- Confirm service account file permissions
Deployment
- Install key, cert, and chain in expected paths
- Restart service and inspect startup logs
- Test from CLI and browser clients
Failure triage
- Unknown CA usually means chain file issue
- Handshake timeout often signals protocol mismatch
- Intermittent failures can be stale upstream cache