Question

App Platform service connecting to Managed MySQL receives 'self signed certificate in certificate chain' error

I have two projects, one containing a database and the other containing an app via the App Platform.

I’m trying to connect to my database via my deployed app but I receive a self signed certificate in certificate chain error on connection attempts. The credentials themselves work via a GUI and the app itself is marked as a trusted source. This has been done via manually inputting the CA Cert as an env variable.

I’ve also tried creating a component specific env variable from this guide in the App Platform’s config but it can’t find my database service.

My connection code looks like the below. I’m aware I can set rejectUnauthorized: false against my connection, but I don’t want to have to do this. How can I get my App Platform component to successfully connect to my Database?

const mysql = require("mysql2/promise");
let pool;
...
pool = mysql.createPool({
    host: MYSQL_HOST,
    user: MYSQL_USERNAME,
    password: MYSQL_PASSWORD,
    database: MYSQL_DATABASE,
    port: MYSQL_PORT,
    waitForConnections: true,
    connectionLimit: 10,
    maxIdle: 10,
    idleTimeout: 60000,
    queueLimit: 0,
    enableKeepAlive: true,
    keepAliveInitialDelay: 0,
    supportBigNumbers: true,
    timezone: "Z",
    ssl: {
        ca: process.env.MYSQL_CA_CERT,
    },
});

Bobby Iliev
Site Moderator
June 13, 2024

Hey!

Does this error occur during the build process or the actual run process? Database values are not available during build time but are available at runtime.

Also, if you were to try and console log the process.env.MYSQL_CA_CERT value, do you see the correct certificate?

As per the official docs, the mysql2/promise requires a file path rather than passing the certificate directly:

https://sidorares.github.io/node-mysql2/docs/examples/connections/create-connection#createconnectionconfig--ssl

What you could do is to add a command to the app that creates the certificate file upon runtime, such as echo "$MYSQL_CA_CERT" > ca_cert.cert && <original run command>. App Platform requires the original run time command to start the app upon runtime.

Then you can reference that file in the connection string, e.g.:

ca: fs.readFileSync('./ca_cert.cert'),

Let me know how it goes!

- Bobby
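
Added example, not part of the answer above or of the mysql2 project: a PEM passed through an env variable often arrives with literal \n escapes or with its newlines collapsed to spaces (what an unquoted echo produces). The hypothetical helpers normalizeCaPem and buildSslOptions restore the PEM layout, fail closed when the value is missing or malformed, and keep rejectUnauthorized enabled; the sample body is a constructed blob, not a real certificate.

```javascript
// Matches one PEM certificate block; the body may contain newlines or spaces.
const PEM_BLOCK =
  /-----BEGIN CERTIFICATE-----([A-Za-z0-9+\/=\s]+?)-----END CERTIFICATE-----/g;

// Hypothetical helper: rebuild a well-formed PEM bundle from an env value.
function normalizeCaPem(raw) {
  if (typeof raw !== "string" || raw.trim() === "") {
    throw new Error("CA certificate variable is empty or unset");
  }
  // Dashboards and .env files often store the PEM with literal "\n" escapes.
  const text = raw.replace(/\\r/g, "").replace(/\\n/g, "\n");
  const blocks = [];
  for (const match of text.matchAll(PEM_BLOCK)) {
    const body = match[1].replace(/\s+/g, "");
    const der = Buffer.from(body, "base64");
    // A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    // This is a structural check only; it does not prove it is the right CA.
    if (der.length === 0 || der[0] !== 0x30) {
      throw new Error("PEM block does not contain DER data");
    }
    const lines = body.match(/.{1,64}/g).join("\n");
    blocks.push(
      `-----BEGIN CERTIFICATE-----\n${lines}\n-----END CERTIFICATE-----\n`
    );
  }
  if (blocks.length === 0) {
    throw new Error("no CERTIFICATE block found in CA variable");
  }
  return blocks.join("");
}

// Hypothetical helper: ssl options that never disable verification.
// Usage: mysql.createPool({ ...settings, ssl: buildSslOptions(process.env) })
function buildSslOptions(env) {
  return { ca: normalizeCaPem(env.MYSQL_CA_CERT), rejectUnauthorized: true };
}

// Constructed sample: 100 bytes starting with 0x30, NOT a real certificate.
const SAMPLE_BODY = Buffer.concat([
  Buffer.from([0x30, 0x82, 0x01, 0x00]),
  Buffer.alloc(96, 7),
]).toString("base64");
```

If the helper throws at startup, the variable never held a usable PEM, which separates a delivery problem from a genuine trust-chain mismatch.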
