https://www.zabbix.com/documentation/current/en/manual/encryption/troubleshooting/certificate_problems says at the very end

“I observed this when server certificate by mistake had the same Issuer and Subject string, although it was signed by CA. Issuer and Subject are equal in top-level CA certificate, but they cannot be equal in server certificate. (The same applies to proxy and agent certificates.)”

Can I suggest giving a possible means to investigate whether you have the same Issuer and Subject entries in server, proxy or agent certificates. I propose:

You may check whether your certificates contain the same Issuer and Subject entries by using the following openssl command

openssl x509 -in <yourcertificate.crt> -noout -text

It is OK for the Root certificate (top-level) certificate to have the same values for Issuer and Subject.”