I had been successfully using a signed certificate with a private key passphrase up until a recent power failure at our building. After that, slapd could not start, giving the error:

Jun 4 11:05:00 s1 slapd[665]: main: TLS init def ctx failed: -1\n

For whatever reason, even restoring from backup couldn’t make this go away. I found this excellent post that suggested both not using a private key passphrase and commenting out

TLSCertificatePassphraseTool in slapd_macosxserver.conf

https://www.afp548.com/forum/viewtopic.php?forum=39&showtopic=17809

This got slapd up and running, but when the server is rebooted, TLSCertificatePassphraseTool is added back into slapd_macosxserver.conf and slapd dies at reboot. Is there some way to fix this underlying problem?