
how best to track this problem down?


I have a Linux server which is running Let's Encrypt. The application on it is written in CodeIgniter/PHP. I also have a Chrome Extension that I wrote in JavaScript. When the Extension wants to log in to the server it sends a login message by using HTTPXML and a POST. The server sees that request, looks up some data to send back to the extension, and builds the headers and creates the payload, and then outputs the data. I have viewed the data with the debugger before it goes out and it looks fine. I also have the Chrome debugger open on the Extension. I see the response but the receive error at the Extension is server error 500. When I look in the error.log on the server I see a message:

malformed header from script 'index.php': Bad header: {"0":["{choose}","IOS","Mac","

Somehow my payload (which is correct above) got shoved into one of the headers and the browser has an issue with that.

I don't know where this sequence is being screwed up? Is it the CI/PHP program? It looks ok in my debugger. Is it Let's Encrypt?

So what I want to do is to see the buffer, right after Let's Encrypt has finished encrypting but the data hasn't left the server yet (or has just left the server). I have managed to get Wireshark to capture the buffers on my machine where the Extension is running. I have followed the directions to set up SSLKEYLOG file on the client PC and it is catching data, but when I look at it in Follow TCP Stream, it is still encrypted and I can't read it. How can I see the unencrypted data? I don't recall telling Wireshark where my SSL credentials are?

Thanks for any advice.

richb201
asked 2018-09-27 15:40:39 +0000

1 Answer


Never mind guys! I am now able to see the unencrypted data! I guess I was just looking at the wrong part of Wireshark. In this case I am catching the data as it arrives at the extension. If it is OK when it gets to the extension it must have been ok when it left the server!

richb201
answered 2018-09-27 16:03:04 +0000