Generating SSL Certificate for communication between MySQL database and Fly?

Hello all, I apologize in advance; frontend dev here, and I am not very well versed in DNS and SSL-related issues. I hope I am able to get my problem and questions across.

  1. I have a Fastify Server running at tRPC API running on Fly
  2. I am using Prisma as the ORM talking to a MySQL database hosted on PlanetScale.

I get back errors about needing an SSL certificate for secure communication between the db on PlanetScale and the API on Fly.

```
\nInvalid `prisma.post.findMany()` invocation:\n\n\nError opening a TLS connection: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1914: (unable to get local issuer certificate)
```

I went to PlanetScale’s documentation here to figure out how to set this up. My questions are as follows:

  1. Is the Certificates tab in the Fly dashboard what I am looking for to create the SSL certificate that would enable secure communication between Fly & PlanetScale?
  2. Is this something I need to / can do from inside the Dockerfile?

Again I apologize for my lack of understanding here. Thank you for your help and time!


Hi @rockchalkwushock

I’m not an expert on Fastify or Prisma ORM, but by reading the docs I suppose it’s the other way around: you need to add the certificate generated by PlanetScale to your app. There are details in step 7 on this page.

Not sure how you are configuring Prisma ORM, but by looking at their docs there seems to be an sslcert param that you can use to pass the path to the server certificate. Which means you have to download that file and include it in your image (that’s a COPY command in your Dockerfile).

Does that help?

Hey @bruno, I think I understand now. I was confused about who creates/issues the certificate, but I was able to get it figured out. Looking at the documentation again, it seems that since the container is running Debian, PlanetScale by default was looking for a cert to be present from ca-certificates. I added the following to the Dockerfile, and that seemed to resolve the TLS/SSL problems with PlanetScale.

```dockerfile
ARG NODE_VERSION=18.16.0
ARG PNPM_VERSION=8.3.1

FROM node:${NODE_VERSION}-slim as base

RUN npm --global install pnpm@${PNPM_VERSION}

# Added `ca-certificates` to container
RUN apt-get update && apt-get install -y ca-certificates
```

Thanks for your help with figuring this out!


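A build-time check for the failure discussed in this thread, added here as an example and not code from any of the posters: it fails the image build when the container has no CA bundle, instead of the problem surfacing at runtime as `certificate verify failed`. The `--check` flag and the `ROOT` prefix argument are hypothetical names chosen for this example; the candidate paths are the usual Debian/Ubuntu, RHEL and Alpine bundle locations.

```shell
#!/bin/sh
# Added example: verify that the image ships a CA bundle that OpenSSL-based
# clients can use to validate the database server's certificate chain.

# Usual system bundle locations (Debian/Ubuntu, RHEL family, Alpine).
CA_CANDIDATES="/etc/ssl/certs/ca-certificates.crt
/etc/pki/tls/certs/ca-bundle.crt
/etc/ssl/cert.pem"

# count_pem_certs FILE -> prints the number of PEM certificates in FILE.
# Prints nothing if FILE cannot be read; never returns a failure status.
count_pem_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true
}

# find_ca_bundle [ROOT] -> prints the first bundle that exists and holds at
# least one certificate; returns 1 if none does. ROOT is a hypothetical
# prefix so the check can be pointed at an unpacked image or a test directory.
find_ca_bundle() {
    root="${1:-}"
    for rel in $CA_CANDIDATES; do
        f="$root$rel"
        [ -f "$f" ] || continue
        n=$(count_pem_certs "$f")
        # An empty or truncated bundle is as useless as a missing one.
        if [ "${n:-0}" -gt 0 ]; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# Only act when asked to, so the functions can be sourced without side effects.
if [ "${1:-}" = "--check" ]; then
    if bundle=$(find_ca_bundle); then
        echo "CA bundle OK: $bundle ($(count_pem_certs "$bundle") certificates)"
    else
        echo "No usable CA bundle: install ca-certificates in this image" >&2
        exit 1
    fi
fi
```

Run it with `--check` in a `RUN` step placed after the `apt-get install` line; the path it prints is also the value to pass to a client option that expects a CA file, such as the `sslcert` param mentioned above.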