MariaDB ubuntu 20.04 letsencrypt set up ssl
Question
I'm having a bit of a problem with setting up SSL for mariaDB on my ubuntu 20.04. I installed certbot generated a certificate and added the following lines to /etc/mysql/mariadb.conf.d/50-server.conf:
ssl-ca=/etc/letsencrypt/live/domain/fullchain.pem
ssl-cert=/etc/letsencrypt/live/domain/cert.pem
ssl-key=/etc/letsencrypt/live/domain/privkey.pem
When I do systemctl restart mariadb I get the error message: Job for mariadb.service failed because the control process exited with error code. See "systemctl status mariadb.service" and "journalctl -xe" for details.
When I look at /var/log/mysql/error.log I see:
2023-01-20 19:23:44 0 [ERROR] Failed to setup SSL
2023-01-20 19:23:44 0 [ERROR] SSL error: SSL_CTX_set_default_verify_paths failed
2023-01-20 19:23:44 0 [ERROR] Aborting
I'm a bit lost what to do!
I validated the urls to the certificates there are correct.
1 answers
solution1
0 2023-01-21 17:14:59
Unfortunately the server error message isn't very descriptive. If loading of ca file or ca-path didn't succeed a general error SSL_CTX_set_default_verify_paths failed will be returned.
You should get a more descriptive error message (eg file not found or permission denied) if you pass the root authority to the command line client which uses TLS implementation of Connector/C.
mariadb --ssl-ca=/etc/letsencrypt/live/domain/fullchain.pem
The command line client must be executed under the same user under which the server starts (likely user mysql ).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.