Hello all I apologize in advance, frontend dev here and I am not very well versed in DNS and SSL related issues. I hope I am able to get my problem and questions across.
I have a Fastify Server running at tRPC API running on Fly
I am using Prisma as the ORM talking to a mySQL database hosted on PlanetScale.
I get back errors about needing an SSL certificate for secure communication between the db on PlanetScale and the API on Fly.
\nInvalid `prisma.post.findMany()` invocation:\n\n\nError opening a TLS connection: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1914: (unable to get local issuer certificate)
I went to PlanetScale’s documentation here to figure out how to set this up. My questions are as follows:
Is the Certificates tab in the Fly dashboard what I am looking for to create the SSL certificate that would enable secure communication between Fly & PlanetScale?
Is this something I need to / can do from inside the Dockerfile?
Again I apologize for my lack of understanding here. Thank you for your help and time!
I’m not an expert on Fastify or Prisma ORM, but by reading the docs I suppose it’s the other way around: you need to add the certificate generated by PlanetScale to your app-- there’s details on step 7 on this page.
Not sure how you are configuring Prisma ORM, but by looking at their docs there seems to be a sslcert param that you can use to pass the path to the server certificate. Which means you have to download that file and include it on your image (that’s a COPY command on your Dockerfile).
Hey @bruno I think I understand now. I was confused about who creates/issues the certificate, but I was able to get it figured out. Looking at the documentation again it seems like since the container is running debian PlanetScale by default was looking for a cert to be present from ca-certificates I added the following to the Dockerfile and that seemed to resolve the TLS/SSL problems with PlanetScale.
ARG NODE_VERSION=18.16.0
ARG PNPM_VERSION=8.3.1
FROM node:${NODE_VERSION}-slim as base
RUN npm --global install pnpm@${PNPM_VERSION}
# Added `ca-certificates` to container
RUN apt-get update && apt-get install -y ca-certificates