Wireshark-users: Re: [Wireshark-users] Using private key and cert to decrypt HTTPS traffice betwe

From: "Wall, Stephen" <stephen.wall@xxxxxxxxxx>
Date: Mon, 18 Dec 2023 02:02:42 +0000

I’ve always limited one end to RSA-only when I needed to decrypt traffic. If you have access to the Linux server, you might be able to do that, or find out if the server software (Apache? Nginx?) or the crypto library (OpenSSL? GnuTLS?) supports logging the premaster keys. If you have no access to either end, there is no way to decrypt a TLS handshake using ephemeral keys.

Since you have the certificate and private key, it might be possible to set up a proxy that dumps unencrypted packets to a log.

 

It won't work, because I'm capturing traffic between an iOS device (not jailbroken) and a Linux server, there's no such thing as SSLKEYLOGFILE to use here.
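
The RSA-only versus ephemeral distinction in the reply above can be checked on a capture by reading the cipher suite out of the ServerHello. The following is an added example, not part of either message: the function names are hypothetical, the sample records are constructed rather than captured, and it assumes the whole ServerHello sits in a single TLS record.

```python
import struct

# IANA cipher suite values that use static RSA key exchange (TLS_RSA_WITH_*).
RSA_KEX = {0x000A, 0x002F, 0x0035, 0x003C, 0x003D, 0x009C, 0x009D}

def server_hello_suite(record: bytes):
    """Return (cipher_suite, is_tls13) from one TLS record holding a ServerHello."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if len(body) < 4 or body[0] != 0x02:
        raise ValueError("not a ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    pos = 2 + 32                      # legacy_version + random
    pos += 1 + hello[pos]             # session_id length byte + session_id
    suite = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 3                          # cipher_suite + compression_method
    tls13 = False
    if pos + 2 <= len(hello):         # extensions are optional before TLS 1.3
        end = pos + 2 + struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
            if ext_type == 43 and hello[pos + 4:pos + 6] == b"\x03\x04":
                tls13 = True          # supported_versions selects TLS 1.3
            pos += 4 + ext_len
    return suite, tls13

def key_alone_decrypts(record: bytes) -> bool:
    """True only when the negotiated suite uses static RSA key exchange."""
    suite, tls13 = server_hello_suite(record)
    return not tls13 and suite in RSA_KEX

def _hello(suite: int, exts: bytes = b"") -> bytes:
    """Build a constructed ServerHello record for the demo (not captured traffic)."""
    h = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    h += struct.pack("!H", len(exts)) + exts
    hs = b"\x02" + len(h).to_bytes(3, "big") + h
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    print(key_alone_decrypts(_hello(0x009C)))   # TLS_RSA_WITH_AES_128_GCM_SHA256
    print(key_alone_decrypts(_hello(0xC02F)))   # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
```

A `False` result means the server's private key by itself cannot recover the session keys, which is the ephemeral-key case the reply describes.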