Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: rh8my8-2-mysql.miserver.it.umich.edu
I ran this command: ALTER INSTANCE RELOAD TLS;
It produced this output: ALTER INSTANCE RELOAD TLS;
ERROR 3888 (HY000): Failed to set up SSL because of the following SSL library error: SSL_CTX_set_default_verify_paths failed
Mysql server is (include version): MySQL 8.0
The operating system my server runs on is (include version): x86_64 x86_64 x86_64 GNU/Linux
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.11.0
I installed certbot on my server where the MySQL database is running. I wanted to auto-renew certs for the MySQL database. I generated the certs and key and copied them over manually to the /etc/pki/tls/certs directory, changed the permissions to 644 as root, updated the mysql.conf file, restarted the server, and the SSL connection was successful. I even tried the certbot renew command and it worked. However, the issue is that, in order to avoid the manual work of copying over the certs from /etc/letsencrypt/live/rh8my8-2-mysql.miserver.it.umich.edu to /etc/pki/tls/certs, I tried creating symlinks from /etc/pki/tls/certs and put in a deploy-hook to just reload the certs dynamically into the database.
This is from /etc/pki/tls/certs; I created symlinks.
lrwxrwxrwx. 1 root root 67 Jun 19 13:56 cert.pem -> /etc/letsencrypt/live/rh8my8-2-mysql.miserver.it.umich.edu/cert.pem
lrwxrwxrwx. 1 root root 68 Jun 19 13:57 chain.pem -> /etc/letsencrypt/live/rh8my8-2-mysql.miserver.it.umich.edu/chain.pem
lrwxrwxrwx. 1 root root 70 Jun 19 13:58 privkey.pem -> /etc/letsencrypt/live/rh8my8-2-mysql.miserver.it.umich.edu/privkey.pem
After creating the symlinks, the SSL connection is not working. I changed the permission of the private key in the archives directory to 644 to see if that resolves it, but it looks like MySQL didn't pick up the certs.
mysql> show status like '%ssl_serv%';
+-----------------------+-------+
| Variable_name | Value |
+-----------------------+-------+
| Ssl_server_not_after | |
| Ssl_server_not_before | |
+-----------------------+-------+
mysql> ALTER INSTANCE RELOAD TLS;
ERROR 3888 (HY000): Failed to set up SSL because of the following SSL library error: SSL_CTX_set_default_verify_paths failed
I also did sudo certbot update_symlinks
Saving debug log to /var/log/letsencrypt/letsencrypt.log .
Kindly help me here if there is some mistake in setting up the symlinks, or if symlinks won't work for the MySQL database.
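
An added example, not part of the original post: a certbot deploy hook that copies the renewed files into /etc/pki/tls/certs as regular files instead of symlinking into /etc/letsencrypt/live, and keeps the private key at mode 0600 rather than 644. It assumes mysqld runs as the account `mysql`, that the MySQL configuration points at /etc/pki/tls/certs, and that root can run the `mysql` client without a password prompt; the function name `deploy_certs` is made up for this example.

```shell
#!/bin/sh
# Added example: certbot deploy hook, e.g. saved as an executable file under
# /etc/letsencrypt/renewal-hooks/deploy/. Certbot sets RENEWED_LINEAGE to the
# live/<name> directory of the certificate that was just renewed.

# Copy the files behind the live/ symlinks into DEST as regular files.
# Certificate and chain are world-readable (0644); the key is owner-only (0600).
deploy_certs() {
    lineage=$1 dest=$2 owner=$3
    for f in cert.pem chain.pem privkey.pem; do
        [ -r "$lineage/$f" ] || { echo "missing $lineage/$f" >&2; return 1; }
    done
    mkdir -p "$dest" || return 1
    for f in cert.pem chain.pem privkey.pem; do
        mode=0644
        [ "$f" = privkey.pem ] && mode=0600
        # Remove any old symlink first so the copy never writes through it
        rm -f "$dest/$f"
        # install(1) reads through the source symlink and sets the mode itself
        install -m "$mode" "$lineage/$f" "$dest/$f" || return 1
    done
    # Hand the files to the database account (assumed name: mysql) only when
    # running as root and the account exists
    if [ "$(id -u)" -eq 0 ] && id "$owner" >/dev/null 2>&1; then
        chown "$owner" "$dest/cert.pem" "$dest/chain.pem" "$dest/privkey.pem" || return 1
    fi
}

# Run only when certbot invokes the hook
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_certs "$RENEWED_LINEAGE" /etc/pki/tls/certs mysql || exit 1
    mysql -e 'ALTER INSTANCE RELOAD TLS;'
fi
```
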