I’m attempting to use Let’s Encrypt to enable MariaDB SSL. Unfortunately, it doesn’t seem to work. I’m using letsencrypt 0.4.1 and MariaDB 15.1 compiled with OpenSSL on Ubuntu Xenial. I’ve successfully used letsencrypt to set up my Apache server. I then turned off Apache and ran ‘letsencrypt certonly -d MYDOMAIN --standalone’. (Apache and MySQL use different subdomains, and I don’t want them to share keys.) I copied the key and certificates to a directory where mysqld has permissions, and used the following settings in my.cnf.
I get no error messages upon restarting mysqld, and it says that SSL is enabled from the CLI. I then tried to connect with the following command:
mysql -u USER -p --ssl_ca USER-READABLE-FOLDER/chain.pem -h MY-FQDN --ssl-verify-server-cert
I get the error: ssl3_get_server_certificate certificate verify failed
I tried converting the key to PKCS1 using ‘openssl rsa -in privkey.pem -out privkey.pem’, and it didn’t change things. I used openssl to verify the validity of the certificates, and everything seemed fine.
I tried instead generating certificates according to the MySQL 5.7 instructions, and was able to connect without any errors.
Can anyone comment on the differences between the certificates and keys generated by the mysql process versus those generated by letsencrypt? Has anyone successfully used letsencrypt with MariaDB or MySQL?
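A check relevant to the `--ssl_ca .../chain.pem` setup above, as an added example that is not part of the original post: certbot's chain.pem holds the intermediate certificate(s) without a self-signed root, and OpenSSL by default only accepts a chain that ends at a self-signed certificate in the CA file. The script builds a constructed root, intermediate and leaf (all file names and CNs are made up) and shows which CA file contents let `openssl verify` succeed.

```bash
#!/usr/bin/env bash
# Added example: constructed throwaway PKI (root -> intermediate -> server leaf).
# All names and files are made up; nothing here is a real Let's Encrypt certificate.
WORK=$(mktemp -d) && cd "$WORK" || exit 1
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext

# new_csr NAME CN: fresh RSA key (NAME.key) and signing request (NAME.csr)
new_csr() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$2" 2>/dev/null
}

# chain.pem below plays the role of certbot's chain.pem: the intermediate only.
# cert.pem is the server certificate; ca-bundle.pem is intermediate + root.
build_pki() {
  new_csr root "Constructed Root" &&
  openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
    -days 2 -out root.pem 2>/dev/null &&
  new_csr inter "Constructed Intermediate" &&
  openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -extfile ca.ext -days 2 -out chain.pem 2>/dev/null &&
  new_csr leaf "db.example.test" &&
  openssl x509 -req -in leaf.csr -CA chain.pem -CAkey inter.key -CAcreateserial \
    -days 2 -out cert.pem 2>/dev/null &&
  cat chain.pem root.pem > ca-bundle.pem
}

# verifies_with CAFILE [extra "openssl verify" options]
# Exit status 0 if cert.pem chains to a trust anchor found in CAFILE.
verifies_with() {
  cafile=$1; shift
  openssl verify -CAfile "$cafile" "$@" cert.pem >/dev/null 2>&1
}

report() {
  if verifies_with "$@"; then echo "OK    $*"; else echo "FAIL  $*"; fi
}

build_pki || { echo "openssl failed to build the test PKI" >&2; exit 1; }
report chain.pem                      # intermediate only, no self-signed root
report ca-bundle.pem                  # intermediate + root in one CA file
report root.pem                       # root only, intermediate not supplied
report root.pem -untrusted chain.pem  # root trusted, intermediate sent by the peer
```

The same `openssl verify -CAfile <file> cert.pem` call can be pointed at the real files copied for mysqld to see which of these four cases the client's CA file falls into.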