Sergie, I again owe you my thanks. The prompt to re-examine the file ownership was spot-on. Somehow, they had become owned by root - possibly some time before, and not mysql: Thus the 600 mode was preventing maria from reading the file and the error message was not hinting at an incompatibility, but was accurate - it could not open the file. Chowning the ssl files back to mysql: allowed Maria to restart. I'm relieved the issue is entirely local! Thanks again, Simon -----Original Message----- From: Sergei Golubchik <serg@mariadb.org> Sent: 27 May 2025 12:38 To: Simon Avery <Simon.Avery@atass-sports.co.uk> Cc: discuss@lists.mariadb.org Subject: Re: [MariaDB discuss] After upgrade from 10.11.11 to 10.11.13, Mariadb will not start with the existing SSL certs. Hi, Simon, The only remotely related change I could think of was a fix for MDEV-36229 - in 10.11.11 MariaDB had CAP_DAC_OVERRIDE capability, basically ignoring filesystem level access privileges. I know you wrote "privs are 700, owned by mysql user". But as this is the only thing I was able to find - double-check, perhaps? May be sudo mysql and try to read the file, or strace mariadbd startup if possible. Regards, Sergei Chief Architect, MariaDB Server and security@mariadb.org