Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-26731

Suddenly, started getting "ERROR 2026 (HY000): Unknown SSL error"

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Not a Bug
    • Affects Version/s: None
    • Fix Version/s: N/A
    • Component/s: SSL
    • Labels:
      None

      Description

      MariaDB instance on CentOS 7 has been running well for ages, and suddenly, starting about 30 minutes ago, my apps get this error trying to connect:

          # mysql
          ERROR 2026 (HY000): Unknown SSL error
      

      My certs have been always under "/etc/my.cnf.d/certs/", generated by LetsEncrypt.
      They expire on 2021-11-04, last modified date 2021-08-06.

      my.cnf:

          ssl_cert                        = "/etc/my.cnf.d/certs/fullchain.pem"
          ssl_key                         = "/etc/my.cnf.d/certs/privkey.pem"
      

      Looking at the logs, there's nothing that hints anything.
      The latest log there is about "InnoDB: Online DDL", long ago.

      *How can I investigate the cause of this problem?*
      From the research I made, the questions are due to setup issues, while in my case it's been working since always, but *"suddenly" failed, and I can't see what changed*.

      UPDATE I wonder if this related,

      https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

      https://community.letsencrypt.org/t/help-thread-for-dst-root-ca-x3-expiration-september-2021/149190

      > On September 30 2021, there will be a small change in how older browsers and devices trust Let’s Encrypt certificates.
      > (...)
      > DST Root CA X3 will expire on September 30, 2021.

      I wonder how can I make MariaDB trust ISRG Root X1!

        Attachments

          Activity

            People

            Assignee:
            serg Sergei Golubchik
            Reporter:
            nunop Nuno
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Git Integration