[#MDEV-28101] Letsencrypt certificate not working for SST encryption

[MDEV-28101] Letsencrypt certificate not working for SST encryption Created: 2022-03-16 Updated: 2023-03-03
Status:	Open
Project:	MariaDB Server
Component/s:	Galera SST
Affects Version/s:	10.6.7
Fix Version/s:	10.6

Type:

Bug

Priority:

Major

Reporter:

Henri

Assignee:

Julius Goryavsky

Resolution:

Unresolved

Votes:

Labels:

SSL, galera, sst

Environment:

Ubuntu Server

Attachments:

node2 config.txt

short.txt

Description

When trying to use a certificate issued by Letsencrypt to encrypt SST traffic an error occours which makes SST unable to continue and therefor breaks the cluster. The configuration is working with self signed certificates. It is a 2 node Cluster.
Letsencrypt is working to encrypt client connections.

The issue according to the logs "WSREP: Handshake failed: tlsv1 alert unknown ca"
shortened logs are attached

the config of second node is also attached (without username and passwort of BackupUser)

Generated at Thu Feb 08 09:58:04 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-28101] Letsencrypt certificate not working for SST encryption Created: 2022-03-16 Updated: 2023-03-03