Unable to connect to database due to Connections using insecure transport are prohibited while --require_secure_transport=ON

Hello,

We are self-hosting Ghost on an Ubuntu 22.04 VM. We host the database for Ghost on a Linode cloud database. Linode by default enforces Secure Transport, and because we do not have access to the configuration for the database instance and Linode wipes the persisted values every month, we are forced to have Secure Transport on.

Here is Linode's guide for connecting to the database: Connect to a MySQL Managed Database | Linode Docs

As you can imagine, I am having trouble connecting Ghost to that database instance with Secure Transport enabled, as I get the error below, even though I have inserted a certificate that Linode supplied into the Ghost configuration file.

The error is:
Internal server error, cannot read post. An unexpected error occurred, please try again. Connections using insecure transport are prohibited while --require_secure_transport=ON.

For other applications that connect to the same Linode Database there is usually a “Verify_Cert” value or something along those lines. Is there anything like that in Ghost?

Any advice to get us connected would be appreciated. Thanks!

Welcome to the Ghost community, @Edward_Brook.

Ghost is reporting the error, yet the connection should be set up correctly in MySQL on the client, i.e., your webserver.

[mysqld]
bind-address = db_server_ip
ssl_ca=ca.pem
ssl_cert=server-cert.pem
ssl_key=server-key.pem
require_secure_transport=ON

Ghost uses the mysql2 package to connect to MySQL; it uses the same configuration options as the mysql package.

My guess is that you’ll need to provide the required ssl configuration for the connection. There are docs for the package’s config options at https://github.com/mysqljs/mysql#ssl-options.

To supply the config through Ghost you’ll need to modify your config.production.json file or env vars. E.g. (adjust as needed):

"database": {
  "client": "mysql",
  "connection": {
    "host": "127.0.0.1",
    "port": 3306,
    "user": "your_database_user",
    "password": "your_database_password",
    "database": "your_database_name",
    "ssl": {
        "cert": "...",
        "key": "..."
    }
  }
}
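
An added check for the configuration discussed in this thread (example code, not written by any poster and not part of Ghost or mysql2): it inspects the database.connection.ssl block of a Ghost config for the problems that lead to this error or to an unverified TLS connection. The function name, finding codes and sample configs are constructed for illustration; ca, cert, key and rejectUnauthorized are the Node TLS options the driver accepts.

```javascript
// Added example, not Ghost's or mysql2's code. Checks the "ssl" block that the
// Ghost config passes to the MySQL driver and, from there, to Node's tls layer.
const PEM = /-----BEGIN [A-Z ]+-----[\s\S]+-----END [A-Z ]+-----/;

function checkDatabaseTls(config) {
  const conn = (config.database && config.database.connection) || {};
  const ssl = conn.ssl;
  const findings = [];
  const add = (code, message) => findings.push({ code, message });

  if (!ssl) {
    add("no-ssl", "no ssl block: the client connects in plaintext and a server " +
        "with require_secure_transport=ON refuses it");
    return findings;
  }
  if (typeof ssl !== "object") {
    add("ssl-not-object", "ssl is not an object of TLS options (ca, cert, key, ...)");
    return findings;
  }
  if (ssl.rejectUnauthorized === false) {
    add("verify-off", "rejectUnauthorized=false: traffic is encrypted but the " +
        "server certificate is not verified");
  }
  if (!ssl.ca) {
    add("no-ca", "no ca: the server certificate can only be checked against " +
        "Node's default trust store, not the provider-supplied CA");
  }
  for (const field of ["ca", "cert", "key"]) {
    const value = ssl[field];
    if (typeof value === "string" && !PEM.test(value)) {
      add(field + "-not-pem", field + " is not PEM text; Node's tls options take " +
          "certificate content, not a file path");
    }
  }
  if (Boolean(ssl.cert) !== Boolean(ssl.key)) {
    add("client-cert-incomplete", "cert and key must be supplied together");
  }
  return findings;
}

// Constructed sample configs (placeholder PEM body, not a real certificate).
const CA_PEM = "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n";
const samples = {
  plaintext: { database: { client: "mysql", connection: { host: "db.example.invalid" } } },
  pathAndNoVerify: { database: { connection: { ssl: { ca: "/etc/ssl/ca.pem", rejectUnauthorized: false } } } },
  verified: { database: { connection: { ssl: { ca: CA_PEM } } } },
};
for (const [name, cfg] of Object.entries(samples)) {
  console.log(name, checkDatabaseTls(cfg).map((f) => f.code));
}
```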