Steps to reproduce:

1. MQTT CA certificate in /etc/ssl/certs/ca_mqtt.crt
2. Amend /etc/zabbix/zabbix_agent2.d/plugins.d/mqtt.conf with: Plugins.MQTT.Default.TLSCAFile="/etc/ssl/certs/ca_mqtt.crt"
3. Make sure certificate is accessible by user "zabbix": sudo -u zabbix cat /etc/ssl/certs/ca_mqtt.crt
4. Make sure mqtt client can access the MQTT server using certificate: mosquitto_sub h <mqtt-server> -t '$SYS/broker/version' -p 8883 -u <username> -P <password> -C 1 --insecure  -cafile /etc/ssl/certs/ca_mqtt.crt -v
5. Setup item for Zabbix agent (active): mqtt.get["tls://<mqtt-server>8883", "$SYS/broker/uptime", "<username>", "<password>"]
6. Assign template to a host

Result:
Amend /etc/zabbix/zabbix_agent2.conf to increase DebugLevel to 4 or 5

See logfile for:

[{"request":"agent data","data":[{"id":1,"itemid":48483,"state":1,"value":"open \"/etc/ssl/certs/ca_mqtt.crt\": no such file or directory"

Also "open "/etc/ssl/certs/ca_mqtt.crt": no such file or directory" can be seen on the "Latest data" and other screens in zabbix web-interface

2025/02/05 10:29:52.009903 sending [{"request":"agent data","data":[{"id":1,"itemid":48483,"state":1,"value":"open \"/etc/ssl/certs/ca_mqtt.crt\": no such file or directory","clock":1738740587,"ns":32681857}],"session":"36c21d95dbb12724687845f0a2200191","host":"zabbix-server","version":"7.2.3","variant":2}] to [127.0.0.1:10051] 

#mosquitto_sub -h <mqtt-server> -t '$SYS/broker/version' -p 8883 -u <username> -P <password> -C 1 --insecure  --cafile /etc/ssl/certs/ca_mqtt.crt -v $SYS/broker/version mosquitto version 2.0.11

#sudo -u zabbix cat /etc/ssl/certs/ca_mqtt.crt
-----BEGIN CERTIFICATE-----
MIIECzCCAvOgAwIBAgIUSIIeRHhBycLqOP+jsRd5Ze3h5FIwDQ YJKoZIhvcNAQEL
...
​XI7wVYly8sNPCqov2ljrnImjeOB5fyef2wq7JsRtfA==
-----END CERTIFICATE-----