This is a follow up to this issue HERE.

After creating new ssl certificates, I created new certs specfically for PayPal use. I have three certficates in play for PayPal which are the private key set to 440, public key set to 644, and PayPal key that I downloaded after uploading the public key, and that key is also set to 644. I also copied over the Cert ID.

All keys are being used as proven by my logging, however I am getting the infamous:

"We were unable to decrypt the certificate id"

There shouldn't be any copy paste issues (as I've seen others discuss) since I downloaded and uploaded everything without needing to copy/paste anything.

I am miffed at to what could be the problem. Any ideas?

This is resolved. The issue was just a configuration mis-step. I still wonder why and wonder if it is safe to allow a www-data readable on one of the private keys.