Make sure your user can connect to the DB server

First of all, let's make sure the user you created has access to the database. To check this login to your server and type:

> mysql -u nextcloud -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 25166
Server version: 10.1.38-MariaDB-0ubuntu0.18.04.1 Ubuntu 18.04

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>
If you managed to login then that's cool. If not then your issue is probably connected with that rather than your cloud config.

Going through the wizard without SSL

Unfortunatly I haven't managed to go through the wizard using TLS/SSL connection. For some reason, Nextcloud/ownCloud doesn't take it's config into consideration while in the wizard. What we have to do is to lower our guard for a while and let the cloud configure the database. Then we can switch back to the secure connection.

I have my MariaDB server configured to accept only secure TLS connections so for me the steps are to go to /etc/mysql/mariadb.conf.d/50-server.cnf and comment out this line:

ssl=on
and then restart MariaDB server:
> systemctl restart mysql
Additionally you need a DB login that doesn't require SSL for now so login to your DB and execute following command:
MariaDB [(none)]>GRANT ALL PRIVILEGES ON nextcloud.* TO 'temporary'@'localhost' IDENTIFIED BY 'temporarypassword' WITH GRANT OPTION;
You should now be able to go through the wizard with this user. In case of any further wizard errors you can go to the data folder (the one you set up in the wizard) of your cloud and examine the log file. PHP log file can also be helpfull.

Securing everything back

Let's start securing everything back by dropping the temporary user:

MariaDB [(none)]> DROP USER 'temporary'@'localhost';
Now let's go to the /etc/mysql/mariadb.conf.d/50-server.cnf and uncomment the ssl=on line we previously commented out. Don't forget to restart the service:
> systemctl restart mysql
Finally we can go to the place where you have installed the Nextcloud/ownCloud server and go to the config folder and edit the config.php file. Make sure you have these lines in your config and all passwords, paths, etc. adjusted to your environment. Highlighted lines are essential to establish an SSL connection:
<?php
$CONFIG = array (
  'dbname' => 'yourdbname',
  'dbhost' => 'yourdbhost',
  'dbdriveroptions' =>
  array (
    1007 => '/etc/mysql/ssl/client-key.pem',
    1008 => '/etc/mysql/ssl/client-cert.pem',
    1009 => '/etc/mysql/ssl/ca-cert.pem',
  ),
  'dbtype' => 'mysql',
  'dbtableprefix' => 'oc_',
  'dbport' => '',
  'dbuser' => 'yourdbuser',
  'dbpassword' => 'yourdbpassword',
  ...
);

Additionally if your DB and cloud server are on the same machine then you probably want to edit the /etc/hosts file and add yourdbhost there as 127.0.0.1. It is important for MySQL driver to have the same hostname in the dbhost setting as in the certificate! So if your certificate is registered for mysql.example.com and it is hosted locally to the cloud server then put mysql.example.com into the dbhost value and also into /etc/hosts like this:

127.0.0.1 mysql.example.com

Cutting edges

You can now refresh your cloud webpage. Everything should still be working as expected but with TLS/SSL connection! Additionally, if the DB server is hosted locally to the cloud server then you may want to change the connection to the socket. Edit cloud's config.php once more and change the dbhost line to look like the following (the socket may be located somewhere else on your machine):

'dbhost' => 'mysql.example.com:/run/mysqld/mysqld.sock',
Have fun with your own cloud! :)