Using Let's Encrypt certs with MySQL for database replication


#1

Hello,

I’m trying to set up a database replication so that it uses secure connections, but it is not clear what certificates I have to use. Here is my current configuration:

[mysqld]
# ssl-ca identifies the Certificate Authority (CA) certificate.
# wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem
ssl-ca=/etc/ssl/certs/lets-encrypt-x3-cross-signed.pem

# ssl-cert identifies the server public key certificate. This can be sent to the client and authenticated against the CA certificate that it has.
ssl-cert=/etc/letsencrypt/live/MYDOMAIN/cert.pem #  or chain.pem|fullchain.pem ?

# ssl-key identifies the server private key.
ssl-key=/etc/letsencrypt/live/MYDOMAIN/privkey.pem

My doubts are on the first two options. Are they correct?

Thanks.


MySQL Replication and letsencrypt certificates (client side)
Using Munin with Let's Encrypt (certificate verify failed) #420
#2

2nd is correct, 1st is wrong. Change that one to chain.pem, that way it’ll still work if the intermediate is changed.


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.