AWS RDS CA-2019 Certificate Compatible?

The operating system my web server runs on is (include version):
Linux 16.04.2 LTS
My hosting provider, if applicable, is:
AWS EC2 AMI
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
0.31.0

I feel this is a question a lot of people will be asking soon. AWS is updating RDS to use an updated SSL/TLS Certificate. This requires the client application to rotate certificates to the new CA-2019.

I have an EC2 instance that is using certbot for https, and runs node to connect to the RDS instance. If I update the RDS instance to use the new certificate, will certbot be compatible with that certificate? Do I need to do something to use the certificates provided by AWS?

This is my first encounter with certbot so please let me know if there are any misguided connections here, just trying to future proof my setup.

Here is a link to the AWS docs that detail the changes I’m referring to: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html

1 Like

The two are unrelated.

The RDS certificate is used to optionally protect the network connection between Node.js and your database server. For example, if you had a Node.js app, and you had to configure the MySQL database connection details for it, you might optionally configure it to use a secure connection to talk to your RDS database. What the AWS change is about is that you would need to tell Node’s MySQL driver to trust the new RDS root certificate.

Your Let’s Encrypt/Certbot certificate, on the other hand, is used to protect the HTTP connection between visitors and your web server (e.g. Apache, nginx, or even node.js if you’re not proxying it). Nothing is changing here - it will keep working just as it did before. It’s totally oblivious to RDS.

2 Likes
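The separation described in the reply above, as an added Node.js example that is not part of the original thread: the RDS CA bundle is a trust anchor for the outbound database connection, while the Certbot files are the server identity for inbound HTTPS. The function names, paths and hostnames are hypothetical, and it assumes the driver hands its `ssl` object to Node's `tls` module, as the `mysql` and `mysql2` npm packages do.

```javascript
// Added example; paths and hostnames passed in are placeholders chosen by the caller.
// Assumption: the DB driver forwards `ssl` to Node's tls module (mysql / mysql2 do).

const PEM_CERT = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Default file reader, resolved lazily so a caller can inject its own reader.
function defaultRead(path) {
  return require("fs").readFileSync(path, "utf8");
}

// Split a PEM bundle into individual certificates. During a CA rotation the
// bundle should hold both the old and the new RDS root, so the client keeps
// working before and after the instance is switched to the new certificate.
function splitPemBundle(pem) {
  const certs = pem.match(PEM_CERT) || [];
  if (certs.length === 0) throw new Error("no certificates found in CA bundle");
  return certs;
}

// Outbound Node -> RDS connection: which roots the client trusts.
function rdsConnectionOptions(base, caBundlePath, read = defaultRead) {
  return {
    ...base,
    ssl: {
      ca: splitPemBundle(read(caBundlePath)), // replaces the default trust store
      rejectUnauthorized: true,               // fail closed on an untrusted chain
    },
  };
}

// Inbound visitor -> web server connection: the server's own identity.
// Certbot renews these files; the RDS CA rotation never touches them.
function httpsServerOptions(liveDir, read = defaultRead) {
  return {
    key: read(`${liveDir}/privkey.pem`),
    cert: read(`${liveDir}/fullchain.pem`),
  };
}
```

The first result goes to the driver's connection settings and the second to `https.createServer`; neither object contains material from the other.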

Fantastic, thank you for the explanation. I leave this here in case someone else tries to relate the unrelated :man_facepalming:

3 Likes
