MariaDB and MySQL CA Certificate Update

MariaDB instance on CentOS 7 has been running well for ages, and suddenly, starting about 30 minutes ago, my apps get this error trying to connect:

# mysql
ERROR 2026 (HY000): Unknown SSL error

My certs have been always under "/etc/my.cnf.d/certs/", generated by LetsEncrypt.
They expire on 2021-11-04, last modified date 2021-08-06.


ssl_cert                        = "/etc/my.cnf.d/certs/fullchain.pem"
ssl_key                         = "/etc/my.cnf.d/certs/privkey.pem"

I wonder if this related, since today is the day DST Root CA X3 expires.

I wonder how can I make MariaDB trust ISRG Root X1!

Run yum update ca-certificates, and you should be fine (this will remove DST Root CA X3 from the trust store - and add ISRG Root X1 if not already present).

1 Like

Thanks, but the system is up to date.

I get this when I run that:

No packages marked for update

Alright... for those who have the same problem,

Run this if you haven't yet:

# yum update ca-certificates

If you get No packages marked for update, it may have been already run automatically - in my case, it was on Sep 24:
Sep 24 05:00:16 Updated: ca-certificates-2021.2.50-72.el7_9.noarch

And then run in your MySQL instance:


This resolved my problem!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.