Description:
Hello,

I use LetsEncrypt certificates for all my services, and mount those certificates against the MySQL docker container:

docker-compose.yml:

    volumes:
        - /path/to/certs/:/etc/my.cnf.d/certs/:ro

my.cnf:

    [mysqld]
    ssl_cert                        = "/etc/my.cnf.d/certs/fullchain.pem"
    ssl_key                         = "/etc/my.cnf.d/certs/privkey.pem"

If I update those certificates in the Host, do I need to do anything on the container, such as either restarting or run "FLUSH SSL;", or will the container handle the certificates being updated?

Also, I noticed that even though I have my own certificates, MySQL has gone ahead and generated some Server and Client certificates inside the local /var/lib/mysql/ folder. I wonder if it's really using my own certificates, although the paths seem to be the ones I provided, when I look at the live variables on the server. So I'm not sure what the certificates created inside /var/lib/mysql/ are used for.

Many thanks!

How to repeat:
N/A

Hi Mr. P,

Thank you for your bug report.

However, you are not reporting a bug, but asking for a free support.

You will find the answer you are looking for in our Reference Manual. We shall help you with the URL:

https://dev.mysql.com/doc/refman/8.0/en/using-encrypted-connections.html#using-encrypted-c...

Not a bug.

Thank you. I appreciate your link to the documentation. My understanding is that as of 8.0.16, the new certificates will automatically be used on new connections.

As of 8.0.21, there is a new command "ALTER INSTANCE RELOAD TLS", but it only needs to be run if I'm changing other TLS configurations, and this doesn't need to be run when updating certificates.

Kind regards.

Mr. P,

You are truly welcome.