Can't connect Node.js app from Droplet to mySQL database in managed db cluster


For a few days now I have been trying to set up a droplet with a mysql Database on a managed DB cluster (also on DigitalOcean), but have been running into trouble getting the app connected to the database: I keep getting the connection timed out error, which the docs refer to as a firewall (db-side) issue.

```
/home/nodejs/.pm2/logs/app-error.log last 15 lines:
0|app      |     at process.processTimers (node:internal/timers:507:7) {
0|app      |   errorno: 'ETIMEDOUT',
0|app      |   code: 'ETIMEDOUT',
0|app      |   syscall: 'connect',
0|app      |   fatal: true
0|app      | }
0|app      | Error: connect ETIMEDOUT
0|app      |     at PoolConnection._handleTimeoutError (/var/www/html/project-root/node_modules/mysql2/lib/connection.js:205:17)
0|app      |     at listOnTimeout (node:internal/timers:564:17)
0|app      |     at process.processTimers (node:internal/timers:507:7) {
0|app      |   errorno: 'ETIMEDOUT',
0|app      |   code: 'ETIMEDOUT',
0|app      |   syscall: 'connect',
0|app      |   fatal: true
0|app      | }
```

The set-up is as follows:

  • The app is currently running on node v16.20.2, which is deprecated, but will be updated later, once I get it running.
  • I am using pm2 as a process runner, but get the same issue when I directly run the app without pm2.
  • I am using mysql2 to create a DB pool connecting to the database, with the connection details coming from the .env file.
  • I downloaded the ca-certificate.crt from the Database connection info window.
  • The droplet is using ufw, with all necessary ports allowed.
  • I whitelisted the droplet, the VPC IP & range, and the private IP of the droplet in the database, but also tried whitelisting various 127.0.. after checking hostname -i inside the droplet's SSH console.
  • I am able to directly connect to the database via the console with a mysql command, just not from the Node.js app.

This is the setup for the dbPool connect:

```javascript
const mysql = require('mysql2');
const fs = require('fs');
const path = require('path');

// CA certificate downloaded from the database connection info window
const caCertPath = path.join(__dirname, '../../config/ca-certificate.crt');
const caCert = fs.readFileSync(caCertPath);

// Connection pool; the connection details come from the .env file
const dbPool = mysql.createPool({
    connectionLimit: 100,
    host: process.env.DB_HOST,
    user: process.env.DB_USER,
    password: process.env.DB_PASSWORD,
    database: process.env.DB_DATABASE,
    multipleStatements: true,
    ssl: {
        ca: caCert
    }
});

module.exports = dbPool;
```

The ca certificate is in /project-root/config/ca-certificate.crt while the dbConnect.js is inside /project-root/backend/utils/dbConnect.js

And inside the app.js:

```javascript
// Import module
const dbPool = require('./backend/utils/dbConnect');

// Connect db
dbPool.getConnection((err, connection) => {
    console.log('err connent', err);
    if (err) throw (err); // If not connected
    console.log('Connected to mySQL as ID ' + connection.threadId);
    connection.release(); // Return the test connection to the pool
});
```


And the .env file:






I also tried various ports for the DB Port, like 25061 and 3306. When I use localhost or variations of that, I get a handshake error issue:

```
0|app  | Listening on port 3000
0|app  | err connent Error: self-signed certificate in certificate chain
0|app  |     at TLSSocket.onConnectSecure (node:_tls_wrap:1538:34)
0|app  |     at TLSSocket.emit (node:events:513:28)
0|app  |     at TLSSocket._finishInit (node:_tls_wrap:952:8)
0|app  |     at ssl.onhandshakedone (node:_tls_wrap:733:12) {
0|app  |   code: 'HANDSHAKE_SSL_ERROR',
0|app  |   fatal: true
0|app  | }
```

I also tried setting up a managed app with Node.js and a deployment process with the GitHub repository, with a DB added to the App during the app creation process in the DigitalOcean backend, and tried the existing managed DB cluster database, and ran into 1:1 the same issues.

Could someone point me in the right direction to solve this issue?

Thank you very much, Julian

Site Moderator
February 26, 2024

Heya @julianlaudan,

From the provided info, I didn’t see you setting your Droplet’s IP address as a trusted source for your managed DB app:

Check the ‘Add Trusted Sources’ part where it shows how you can add an IP to be part of the trusted list so that you can connect to that DB.
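
Added example (not part of the original thread and not DigitalOcean's code): a pool configuration builder that requires an explicit port, since the pool setup in the question passes none, keeps TLS chain verification against the downloaded CA switched on, and maps the two errors shown in the question to the layer that failed. The `DB_PORT` variable name, both function names and all sample values are assumptions; unlike the question's setup, `multipleStatements` is set to `false` here.

```javascript
// Added example. DB_PORT and both function names are assumptions, not from the thread.
function buildPoolConfig(env, caPem) {
  const required = ['DB_HOST', 'DB_PORT', 'DB_USER', 'DB_PASSWORD', 'DB_DATABASE'];
  const missing = required.filter((key) => !env[key]);
  if (missing.length > 0) {
    throw new Error('missing settings: ' + missing.join(', '));
  }
  const port = Number(env.DB_PORT);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error('DB_PORT is not a valid TCP port: ' + env.DB_PORT);
  }
  if (!String(caPem).includes('-----BEGIN CERTIFICATE-----')) {
    throw new Error('CA file does not contain a PEM certificate');
  }
  return {
    host: env.DB_HOST,
    port, // mysql2 falls back to 3306 when no port is given
    user: env.DB_USER,
    password: env.DB_PASSWORD,
    database: env.DB_DATABASE,
    connectTimeout: 10000, // milliseconds
    multipleStatements: false, // stacked queries widen the impact of SQL injection
    ssl: { ca: caPem, rejectUnauthorized: true }, // keep chain verification on
  };
}

// Map the two failures shown in the thread to the layer that failed.
function classifyConnectError(err) {
  const code = err && err.code;
  if (code === 'ETIMEDOUT') {
    return { stage: 'tcp', check: 'host, port, trusted sources and egress firewall' };
  }
  if (code === 'HANDSHAKE_SSL_ERROR') {
    return { stage: 'tls', check: 'host matches the cluster and ca is the cluster CA' };
  }
  return { stage: 'unknown', check: 'inspect err.code and err.message' };
}

// Constructed sample values; take the real ones from the cluster's connection details.
const sampleEnv = {
  DB_HOST: 'db.example.internal', DB_PORT: '25060',
  DB_USER: 'app', DB_PASSWORD: 'constructed-password', DB_DATABASE: 'appdb',
};
const samplePem = '-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n';
const sampleConfig = buildPoolConfig(sampleEnv, samplePem);
console.log(sampleConfig.port, classifyConnectError({ code: 'ETIMEDOUT' }).stage);
```

Pass the returned object to `mysql.createPool()` and log `classifyConnectError(err)` in the `getConnection` callback. A `tls` result means the TCP connection succeeded and the certificate chain did not validate, which points at the host or the CA file rather than at the firewall.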
