I have 2 environments in AWS Elastic Beanstalk (EB) running a Node.js application connecting to DocumentDB utilizing the Mongoose framework. One of the environments inexplicably stopped working while the other is working fine. Both are deployed from a CI/CD build server that utilizes the EB CLI to deploy the application code.
The problematic environment generates the following error in the nodejs.log:
name: 'MongooseTimeoutError',
reason:
{ Error: unable to get local issuer certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1058:34)
at TLSSocket.emit (events.js:198:13)
at TLSSocket._finishInit (_tls_wrap.js:636:8)
name: 'MongoNetworkError',
[Symbol(mongoErrorContextSymbol)]: {} },
[Symbol(mongoErrorContextSymbol)]: {} }
Both use the same connection string, as they connect to the same instance:
mongodb://*****:*****@docdb-2019-08-**-**-**-**.cluster-**********.us-east-2.docdb.amazonaws.com:27017/db_name?ssl=true&ssl_ca_certs=/etc/ssl/certs/rds-combined-ca-bundle.pem&replicaSet=rs0
The certificate pem file is the same file used for both and is deployed to the instance via EB .ebextensions scripts.
Things that I have tried:
Kind of stuck and out of ideas at the moment.
Amazon's DocumentDB official documentation has sample code that works and doesn't trigger this error.
https://docs.aws.amazon.com/documentdb/latest/developerguide/connect_programmatically.html
This is the Node.JS sample with some adaptations for the sake of clarity:
const { MongoClient } = require('mongodb');
const fs = require('fs');
const caContent = [fs.readFileSync("/path/to/rds-combined-ca-bundle.pem")];
const options = {
sslValidate: true,
sslCA: caContent,
useNewUrlParser: true
};
const connUri = 'mongodb://user:[email protected]:27017/sample-database?ssl=true&replicaSet=rs0&readPreference=secondaryPreferred';
const client = new MongoClient(connUri, options);
// connect() returns a promise; await it inside an async function
(async () => { await client.connect(); })();
Had the same issue. Not sure if this breaks with the change in cert to 2019. Anyway, I had to get around this with a code change (added the sslCA parameter to the Mongoose connect method below) and removal of the SSL cert location from the connection string.
import * as fs from 'fs';
import { connect } from 'mongoose';
// Pass the CA bundle through sslCA instead of the connection string
connect(uri, { useNewUrlParser: true, useFindAndModify: false,
  sslCA: [fs.readFileSync("rds-combined-ca-bundle.pem")] },
  (err: any) => { if (err) throw err; });
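The workaround from both answers, as an added example (not code from the original posts or from AWS): a helper that takes the CA path out of the connection string and returns driver options carrying `sslCA`, stopping early if the bundle is missing or holds no certificates instead of relaxing validation. The name `buildTlsConfig` and the shape of its return value are assumptions made for illustration.

```javascript
const fs = require('fs');

// Query-string key that carries the CA path in the question's connection string.
const CA_URI_KEYS = ['ssl_ca_certs'];

// Matches each PEM-encoded certificate in a bundle file.
const PEM_BLOCK = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Hypothetical helper: returns { uri, certCount, options } for MongoClient / mongoose.connect.
function buildTlsConfig(uri, fallbackCaPath) {
  const q = uri.indexOf('?');
  const base = q === -1 ? uri : uri.slice(0, q);
  const params = new URLSearchParams(q === -1 ? '' : uri.slice(q + 1));

  // Prefer a CA path found in the URI, then remove it so the driver never sees it.
  let caPath = fallbackCaPath;
  for (const key of CA_URI_KEYS) {
    if (params.has(key)) {
      caPath = params.get(key);
      params.delete(key);
    }
  }
  if (!caPath) throw new Error('no CA bundle path given');

  // readFileSync throws if the file was not deployed to this instance.
  const pem = fs.readFileSync(caPath, 'utf8');
  const certs = pem.match(PEM_BLOCK) || [];
  if (certs.length === 0) {
    throw new Error(`${caPath} contains no PEM certificates`);
  }

  const qs = params.toString();
  return {
    uri: qs ? `${base}?${qs}` : base,
    certCount: certs.length,
    // Validation stays on; the CA bundle is handed over as file contents.
    options: { useNewUrlParser: true, sslValidate: true, sslCA: [Buffer.from(pem)] },
  };
}
```

Logging `certCount` at startup in each environment is a quick way to spot an instance where the `.ebextensions` step did not deliver the same bundle.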