TLS init def ctx failed:

#strace /usr/sbin/slapd2.4 -d 1 -g ldap -u ldap -f /etc/openldap2.4/slapd.conf > /tmp/a 2>&1


write(2, "TLS: could not use key file `/et"..., 104TLS: could not use key file `/etc/openldap2.4/certs/2.key.pem'.) = 104
write(2, "TLS: error:0B080074:x509 certifi"..., 104TLS: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch x509_cmp.c:398) = 104
write(2, "main: TLS init def ctx failed: -"..., 34main: TLS init def ctx failed: -1

FIX:

regen a key and csr, and get a new cert.