Question

App Platform service connecting to Managed MySQL receives 'self signed certificate in certificate chain' error

I have two projects, one containing a database and the other containing an app via the App Platform.

I’m trying to connect to my database via my deployed app but I receive a self signed certificate in certificate chain error on connection attempts. The credentials themselves work via a GUI and the app itself is marked as a trusted source. This has been done via manually inputting the CA Cert as an env variable.

I’ve also tried creating a component specific env variable from this guide in the App Platform’s config but it can’t find my database service.

My connection code looks like the below. I’m aware I can set rejectUnauthorized: false against my connection, but I don’t want to have to do this. How can I get my App Platform component to successfully connect to my Database?

const mysql = require("mysql2/promise");
let pool;
// ...
pool = mysql.createPool({
    host: MYSQL_HOST,
    user: MYSQL_USERNAME,
    password: MYSQL_PASSWORD,
    database: MYSQL_DATABASE,
    port: MYSQL_PORT,
    waitForConnections: true,
    connectionLimit: 10,
    maxIdle: 10,
    idleTimeout: 60000,
    queueLimit: 0,
    enableKeepAlive: true,
    keepAliveInitialDelay: 0,
    supportBigNumbers: true,
    timezone: "Z",
    ssl: {
        ca: process.env.MYSQL_CA_CERT,
    },
});


Bobby Iliev
Site Moderator
June 13, 2024

Hey!

Does this error occur during the build process or the actual run process? Database values are not available during build time but are available at runtime.

Also, if you were to try and console log the process.env.MYSQL_CA_CERT value, do you see the correct certificate?

As per the official docs, the mysql2/promise requires a file path rather than passing the certificate directly:

https://sidorares.github.io/node-mysql2/docs/examples/connections/create-connection#createconnectionconfig--ssl

What you could do is to add a command to the app that creates the certificate file upon runtime, such as echo "$MYSQL_CA_CERT" > ca_cert.cert && <original run command>. App Platform requires the original run time command to start the app upon runtime.

Then you can reference that file in the connection string, e.g.:

ca: fs.readFileSync('./ca_cert.cert'),

Let me know how it goes!

- Bobby
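
An added example, not part of the original question or answer: one way to check what actually arrives in MYSQL_CA_CERT before it is used as `ssl.ca`, while leaving certificate verification on. It assumes the PEM's line breaks may have been lost in transit (literal `\n` escapes, or spaces after an unquoted `echo`); the helper names and the sample certificate body are constructed for illustration.

```javascript
// Added example: helper names and the sample value below are constructed.
const BEGIN = "-----BEGIN CERTIFICATE-----";
const END = "-----END CERTIFICATE-----";

// Rebuild a well-formed PEM from an env var whose line breaks were mangled.
function normalizePem(raw) {
  if (typeof raw !== "string" || raw.trim() === "") {
    throw new Error("CA certificate env var is empty or unset");
  }
  // Strip wrapping quotes and turn literal "\n" escapes back into newlines.
  const text = raw.trim().replace(/^["']|["']$/g, "")
    .replace(/\\r/g, "").replace(/\\n/g, "\n");
  const blocks = [];
  const re = /-----BEGIN CERTIFICATE-----([\s\S]*?)-----END CERTIFICATE-----/g;
  for (const m of text.matchAll(re)) {
    // Drop all whitespace inside the body, then re-wrap at 64 columns.
    const b64 = m[1].replace(/\s+/g, "");
    if (!/^[A-Za-z0-9+/]+={0,2}$/.test(b64)) {
      throw new Error("certificate body is not valid base64");
    }
    // A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    if (Buffer.from(b64, "base64")[0] !== 0x30) {
      throw new Error("certificate body is not DER");
    }
    blocks.push([BEGIN, ...b64.match(/.{1,64}/g), END].join("\n"));
  }
  if (blocks.length === 0) throw new Error("no PEM certificate block found");
  return blocks.join("\n") + "\n";
}

// Value for the pool's `ssl` setting: pinned CA, verification stays enabled.
function buildSslOptions(env) {
  return { ca: normalizePem(env.MYSQL_CA_CERT), rejectUnauthorized: true };
}

// Constructed sample: 96 bytes with a DER SEQUENCE header, not a real certificate.
const SAMPLE_DER = Buffer.concat([Buffer.from([0x30, 0x5e]), Buffer.alloc(94, 0xab)]);
const SAMPLE_PEM =
  [BEGIN, ...SAMPLE_DER.toString("base64").match(/.{1,64}/g), END].join("\n") + "\n";

// The same value as it can arrive: escaped newlines, or flattened to spaces.
const ESCAPED = SAMPLE_PEM.replace(/\n/g, "\\n");
const FLATTENED = SAMPLE_PEM.trim().replace(/\n/g, " ");

for (const [label, value] of [["escaped", ESCAPED], ["flattened", FLATTENED]]) {
  console.log(label, "restored:", normalizePem(value) === SAMPLE_PEM);
}
```

In the pool configuration this would be used as `ssl: buildSslOptions(process.env)`; a thrown error at startup points at the env var rather than at the TLS handshake.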
