I have a self-hosted CA … and from there created a wildcard for my domain (which isn’t a valid TLD so no LetsEncrypt for me). I have tried just providing the wildcard cert + key … I have also tried providing the partial chain (CA + wildcard) as the cert + key, full chain (CA + issuer + cert) and the key however on startup I get:
homeassistant.exceptions.HomeAssistantError: Could not use SSL certificate from ssl/chain.pem: [X509: KEY_VALUES_MISMATCH] key values mismatch (_ssl.c:3895)
A) Is there a weird requirement for the order of the certs or are wildcard certs not acceptable?
B) Is there a utility that I can use to test combinations with rather than reboot my whole system on every test?
That error would mean you provided the wrong private key for the certificate.
The tool of choice for certificates is openssl, obviously, but you have web sites allowing you to validate your certificates/keys.