Today I Learned

Validate privateKey, certificate and CSR files

$ openssl pkey -in privateKey -pubout -outform pem | sha256sum
# => f2ca1bb6c7e907d06dafe4687e579fce76b37e4e93b7605022da52e6ccc26fd2  -
$ openssl x509 -in certificate -pubkey -noout -outform pem | sha256sum 
# => f2ca1bb6c7e907d06dafe4687e579fce76b37e4e93b7605022da52e6ccc26fd2  -
openssl req -in CSR -pubkey -noout -outform pem | sha256sum
# => f2ca1bb6c7e907d06dafe4687e579fce76b37e4e93b7605022da52e6ccc26fd2  -

When all pairs match, you can be sure that you have the right set of files for your domain.