Uploaded image for project: 'Compass '
  1. Compass
  2. COMPASS-5140

Cannot connect to server with Let's Encrypt certs.

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Critical - P2 Critical - P2
    • 1.29.4
    • Affects Version/s: 1.28.4
    • Component/s: Compass, Connectivity
    • None
    • Environment:
      MongoDB Compass 1.28.4
      macOS 11.6
    • Not Needed

      Problem Statement/Rationale

      Our server is using certificates from Let's Encrypt, but when I try to connect it hangs for a minute or so, before finally giving up with 'certificate has expired'.

      Could this be caused by the recent expiry of the Let's Encrypt root certificates? I believe this was working before, though it's been a while since I last connected so I can't tell for sure.

      I'm using the SSL value 'System CA / Atlas Deployment', but only 'Unvalidated (insecure)' works.

      Is there any way to verify if this is indeed caused by the expiry of the Let's Encrypt Root Cert?

      Steps to Reproduce

      It's a bit of a lengthy setup, but the gist of it is that we have a DigitalOcean droplet with MongoDB installed. After fetching certs with certbot, a file is generated using

      cat /etc/letsencrypt/live/example.com/fullchain.pem /etc/letsencrypt/live/example.com/privkey.pem > /etc/ssl/mongo.pem

      This file is referenced in mongod.conf:

      net:
        tls:
          mode: requireTLS
          certificateKeyFile: /etc/ssl/mongo.pem

      Then I try to connect to the database in Compass with SSL set to 'System CA / Atlas Deployment'.

      Expected Results

      It connects.

      Actual Results

      'certificate has expired'

       

            Assignee:
            Unassigned Unassigned
            Reporter:
            jespertheend@gmail.com Jesper van den Ende
            Votes:
            2 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: