Uploaded image for project: 'Compass '
  1. Compass
  2. COMPASS-5140

Cannot connect to server with Let's Encrypt certs.

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Critical - P2 Critical - P2
    • 1.29.4
    • 1.28.4
    • Compass, Connectivity
    • None
    • MongoDB Compass 1.28.4
      macOS 11.6
    • Not Needed

    Description

      Problem Statement/Rationale

      Our server is using certificates from Let's Encrypt, but when I try to connect it hangs for a minute or so, before finally giving up with 'certificate has expired'.

      Could this be caused by the recent expiry of the Let's Encrypt root certificates? I believe this was working before, though it's been a while since I last connected so I can't tell for sure.

      I'm using the SSL value 'System CA / Atlas Deployment', but only 'Unvalidated (insecure)' works.

      Is there any way to verify if this is indeed caused by the expiry of the Let's Encrypt Root Cert?

      Steps to Reproduce

      It's a bit of a lengthy setup, but the gist of it is that we have a DigitalOcean droplet with MongoDB installed. After fetching certs with certbot, a file is generated using

      cat /etc/letsencrypt/live/example.com/fullchain.pem /etc/letsencrypt/live/example.com/privkey.pem > /etc/ssl/mongo.pem

      This file is referenced in mongod.conf:

      net:
        tls:
          mode: requireTLS
          certificateKeyFile: /etc/ssl/mongo.pem

      Then I try to connect to the database in Compass with SSL set to 'System CA / Atlas Deployment'.

      Expected Results

      It connects.

      Actual Results

      'certificate has expired'

       

      Attachments

        Activity

          People

            Unassigned Unassigned
            jespertheend@gmail.com Jesper van den Ende
            Votes:
            2 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: