Certificates & key types
Always serve your leaf certificate **plus the intermediate chain** (concatenated, leaf first) so clients can build a path to a trusted root — a missing intermediate is the most common "works in my browser, fails elsewhere" bug. For the key, **ECDSA (P-256)** is smaller and faster than 2048-bit **RSA** and is supported by every modern client; you can even serve both and let the server pick per-client. Use an automated issuer like Let's Encrypt so renewals never lapse. Keep the private key readable only by the server user, and never commit it.