Unable to connect to database due to Connections using insecure transport are prohibited while --require_secure_transport=ON

Edward_Brook · January 1, 2024, 9:54pm

Hello,

We are self hosting Ghost on an Ubuntu 22.04 VM. We host the database for Ghost on a Linode cloud database. Linode by default enforces Secure Transport, and because we do not have access to the configuration for for the database instance and Linode every month wipes the persisted values we are forced to have Secure Transport on.

Here is Linodes guides for connecting to the database. Connect to a MySQL Managed Database | Linode Docs

As you can imagine i am having trouble connecting ghost to that database instance with Secure Transport Enabled as i get the error below, even though i have inserted a certificate that Linode supplied into the Ghost configuration file.

The error is.
Internal server error, cannot read post. An unexpected error occurred, please try again. Connections using insecure transport are prohibited while --require_secure_transport=ON.

For other applications that connect to the same Linode Database there is usually a “Verify_Cert” value or something along those lines. Is there anything like that in Ghost?

Any advice to get us connected would be appreciated. Thanks!

mjw · January 2, 2024, 9:59am

Welcome to the Ghost community, @Edward_Brook.

Ghost is reporting the error, yet the connection should be set up correctly in MySQL on the client, i.e., your webserver.

[mysqld]
bind-address = db_server_ip
ssl_ca=ca.pem
ssl_cert=server-cert.pem
ssl_key=server-key.pem
require_secure_transport=ON

Kevin · January 2, 2024, 10:23am

Ghost uses the mysql2 package to connect to mysql, it uses the same configuration options as the mysql package.

My guess is that you’ll need to provide the required ssl configuration for the connection. There are docs for the package’s config options at https://github.com/mysqljs/mysql#ssl-options.

To supply the config through Ghost you’ll need to modify your config.production.json file or env vars. E.g. (adjust as needed):

"database": {
  "client": "mysql",
  "connection": {
    "host": "127.0.0.1",
    "port": 3306,
    "user": "your_database_user",
    "password": "your_database_password",
    "database": "your_database_name",
    "ssl": {
        "cert": "...",
        "key": "..."
    }
  }
}

Topic		Replies	Views
Database Connection TLS issue with Azure Database for MySQL flexible server Self-hosting	2	406	May 28, 2024
Ghost with connection to central MySQL server in Microsoft Azure Cloud with SSL Self-hosting	1	393	February 1, 2023
Configure mysql over tls/ssl Developer help	9	4333	August 22, 2018
ERR_SSL_PROTOCOL_ERROR This site can’t provide a secure connection Self-hosting	0	569	September 10, 2022
502 Bad Gateway Installation	6	470	November 7, 2023

Unable to connect to database due to Connections using insecure transport are prohibited while --require_secure_transport=ON

Related topics