Continuing to dig into this..
At this point it seems most likely that it's an SSL cert issue or a socket one. The former affecting the later?
mysql.sock is properly configured, so that's not likely it. Which seems to leave SSL cert as the issue.
I'd previously used a self-signed cert w/o issue. Current cert is newly created from/by Let's Encrypt. The post-install checks showed all was good there. And this, then, would point to a configuration issue with ZM and associated components.
A similar case:
https://github.com/MISP/MISP/issues/3270 . This person's solution:
It was all about the certificate, key and server ca pem files. I had to move them to /var/www/MISP directory and give www-data read access to them. Then the Mysql.php could provide them to the PDO connection object. Worked.
Pretty sure that I don't need to be moving certs around.
ZM SSL configs (/etc/zm/conf.d/custom.conf) has:
ZM_DB_SSL_CLIENT_CERT=/etc/letsencrypt/live/<my server's FQDN>/chain.pem
ZM_DB_SSL_CLIENT_KEY=/etc/letsencrypt/live/<my server's FQDN>/privkey.pem
Apache SSL configs (/etc/apache2/sites-enabled/000-default-le-ssl.conf) has:
ServerName <my server's FQDN>
SSLCertificateFile /etc/letsencrypt/live/<my server's FQDN>fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/<my server's FQDN>/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
Looking at these shows that I have a discrepancy with the cert File. Before I go messing with these I'd like to know if this is even the right tree to be barking up? It's not clear to me which one is supposed to be used.
I'm assuming that my "/etc/zm/conf.d/custom.conf" file is in fact being read.
Hoping that it's really just something this "simple." I've tweaked various mysql settings that could be responsible, to no avail. And I've rummaged around in a ton of files looking for signs of where this problem could exist; also to no avail (other than this cert issue).