I am attempting to create a connection to my database that I have set up with SSL. It is saying "Cannot make a connection to the database".

The error in the apache log is as follows:

```
[Sun Aug 03 02:27:59.418655 2025] [php:notice] [pid 176919] [client 71.244.230.195:62660] Database Connection Failed: SQLSTATE[HY000] [2006] MySQL server has gone away
```

The error in the mysql log is as follows:

```
2025-08-03 2:27:59 8 [Warning] Aborted connection 8 to db: 'unconnected' user: 'unauthenticated' host: 'web2.dataguy2020.com' (This connection closed normally without authentication)
```

I have created a .env file that has information as follows:

```
APP
APP_NAME=MyApp
APP_ENV=dev
COMMUNITY_NAME="Community Name"
CONTACT_EMAIL="[email protected]"
CONTACT_PHONE="555-555-5555"

#Database
DB_HOST="domain.to.sqlhost.com"
DB_PORT=3306
DB_NAME="databseName"
DB_USER="username"
DB_PASS="password"

#Database Connection Certs
DB_CA="/path/to/cacert.pem"
DB_CERT="/path/to/cert.pem"
DB_CERT_KEY="/path/to/key.pem"
```

My classes/Database class is as follows:

```php
<?php
require __DIR__ . "/../vendor/autoload.php";

use Dotenv\Dotenv;

class Database
{
    private PDO $pdo;

    public function __construct()
    {
        $parentDirectory = dirname(__DIR__);
        $dotenv = Dotenv::createImmutable($parentDirectory, '.env');
        $dotenv->load();

        // echo "<pre>"; // Use <pre> for formatted output in a browser
        //foreach ($_ENV as $key => $value) {
        //    echo "$key = $value\n";
        //}
        //echo "</pre>";

        $dbHost = $_ENV['DB_HOST'];
        $dbName = $_ENV['DB_NAME'];
        $dbUser = $_ENV['DB_USER'];
        $dbPass = $_ENV['DB_PASS'];
        $dbca = $_ENV['DB_CA'];
        $dbcert = $_ENV['DB_CERT'];
        $dbkey = $_ENV['DB_CERT_KEY'];

        $dsn = "mysql:host=$dbHost;dbname=$dbName;charset=utf8mb4";
        $options = [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
            PDO::ATTR_EMULATE_PREPARES => false,
            // SSL/TLS options
            PDO::MYSQL_ATTR_SSL_CA => $dbca, // Path to CA certificate
            PDO::MYSQL_ATTR_SSL_CERT => $dbcert, // Path to client certificate (if required)
            PDO::MYSQL_ATTR_SSL_KEY => $dbkey, // Path to client key (if required)
            PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false // Verify server's SSL certificate
        ];

        try {
            $this->pdo = new PDO($dsn, $dbUser, $dbPass, $options);
            //$this->pdo = new PDO($dsn, $this->username, $this->password, $options);
            $this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            $this->pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
        } catch(PDOException $e) {
            //Handle connection errors
            error_log("Database Connection Failed: " . $e->getMessage());
            die("Could not connect to the database.");
        } //end of catch
    } //end of function

    public function getConnection(): PDO
    {
        return $this->pdo;
    }
} //end of class
```

At the bottom of my index.php I have the following, as I am using this as a test:

```php
<?php
include_once ('classes/Database.php');
$db = new Database();
$pdo = $db->getConnection();
if ($pdo) {
    echo "Database Connection was successful";
} else {
    echo "Database Connection has failed";
}
?>
```

What shows up in the browser is "Database Connection has failed".

In /etc/mysql/mariadb.conf.d I have configured both the server and the client. They are both using the same certificates as they are connecting from the same server for now. I am looking at expanding the number of database hosts.

The 50-client.conf has the following information:

```
[client]
# Example of client certificate usage
ssl-cert = /path/to/cacert.pem
ssl-key = /path/to/key.pem
ssl_cert = /path/to/cert.pem
ssl-cipher=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256
tls_version = TLSv1.2
```

The 50-server.conf contains the following information:

```
ssl_ca = /etc/mysql/ssl/chain.pem
ssl_cert = /etc/mysql/ssl/cert.pem
ssl_key = /etc/mysql/ssl/privkey.pem
require-secure-transport = on
#ssl_cipher="DHE-RSA-AES128-GCM-SHA256:AES128-SHA"
ssl_cipher="ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384"
tls_version = TLSv1.2,TLSv1.3
```

When I attempt to run the following command I get the following error:

```
mysql -h localhost -u #username --ssl-cert=/path/to/cert.pem --ssl-key=/path/to/key.pem --ssl-ca=/path/to/cacert.pem
ERROR 2026 (HY000): TLS/SSL error: tlsv1 alert unknown ca
```

Another key thing to know is that I created these certs with certbot. I am not sure if that is the cause of these errors or not. I am doing the following:

- ssl_cert = cert.pem that is generated
- ssl_ca = fullchain.pem that is generated
- ssl_key = privkey.pem that is generated

Any assistance would be great!
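An `unknown ca` alert is what a TLS peer sends when it cannot chain the certificate it was shown to a CA it trusts, so the CA, certificate and key files can be checked offline before `mysql` or PDO is pointed at them. The script below is an added example, not part of the original post; the function names `chain_ok`, `key_matches` and `preflight` are hypothetical, and it assumes the `openssl` command-line tool is installed.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical;
# the file paths are whatever the caller passes in. Requires the openssl CLI.

# chain_ok CA_FILE CERT_FILE PURPOSE
# PURPOSE is sslclient (how a server judges a client certificate) or
# sslserver (how a client judges a server certificate). Only CA_FILE is
# trusted here; the system CA directory is deliberately left out.
chain_ok() {
    openssl verify -no-CApath -purpose "$3" -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_matches CERT_FILE KEY_FILE: true when the private key belongs to the cert.
key_matches() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# preflight CA_FILE CERT_FILE KEY_FILE PURPOSE
# Prints one finding per failed check and returns the number of failures.
preflight() {
    local ca="$1" cert="$2" key="$3" purpose="$4" failures=0 f
    for f in "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "unreadable: $f"; failures=$((failures + 1)); }
    done
    [ "$failures" -eq 0 ] || return "$failures"
    chain_ok "$ca" "$cert" "$purpose" \
        || { echo "chain: $cert does not verify against $ca for $purpose"; failures=$((failures + 1)); }
    key_matches "$cert" "$key" \
        || { echo "key: $key is not the private key of $cert"; failures=$((failures + 1)); }
    return "$failures"
}

# Stand-alone use: ./preflight.sh ca.pem cert.pem key.pem sslclient
if [ "$#" -eq 4 ]; then
    preflight "$@"
fi
```

Run it once with `sslclient` against the CA file the server trusts and once with `sslserver` against the CA file the client trusts; a certificate shared by both sides has to pass both.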