Azure AD SSO (OpenIDConnect) | Custom LetsEncrypt Certificate Chain | "Connection reset by peer - ssl connect"

I have a CE instance of GitLab for testing before we go EE. I’ve setup the installation with Custom LetsEncrypt certificates using dns verification.

I have Azure AD SSO setup using OpenIDConnect (per documentation suggestion). SSO was implemented and working BEFORE I got SSL certificates, but is now failing after applying the certificates to the instance. https is working with the new certificates, and I’ve ran through most of the SSL troubleshooting.

Any suggestions?