Production custom URL failed with error "self signed certificate in certificate chain"

Hi everyone,
I’m trying to connect my forest backend with the admin panel and I can’t load my data because of an issue with my SSL certificate.

Expected behavior
Get my data in the admin panel

Actual behavior
I can’t get my data because of this error:

I also get errors in my console:

What is the current behavior?
The SSL cert is not valid for this domain.

Context
I added a custom domain to the forest admin interface, but it’s displaying the wrong SSL certificate for the domain when I generated the credentials with let’s encrypt and I can see the certificate is correct in my browser.

I installed the forest admin with npm and added https configuration, this is my server.js file:

I also share my .env configuration:

APPLICATION_PORT=“3310”

APPLICATION_URL=“https://www.admin.erthexchange.com.au:3310

CORS_ORIGINS=“https://app.forestadmin.com

DATABASE_URL=“mysql://**”

DATABASE_SSL=“true”

DATABASE_REJECT_UNAUTHORIZED=“false”

FOREST_ENV_SECRET=***
FOREST_AUTH_SECRET=***

NODE_ENV=“dev”

Connection with the DB is correct because I can see my entities but I’m not sure what am I doing wrong because SSL certificates are working in my browser.
My project name is erth_exchange_centos.

Hello @emisomoza ! :wave: Welcome to our community. :confetti_ball:

Can you fulfill this part of the template so we can give you the best answer?

  • Project name: …
  • Team name: …
  • Environment name: …
  • Agent (forest package) name & version: …
  • Database type: …

The error comes from your DB connexion. You have a certificate that is self-signed, so it’s non-trusted by default.

Here is a stackoverflow thread that explains a resolution for your issue.

Let me know if it helps.

Kind regards,
Morgan Perre

1 Like

Hi @morganperre thank you for your reply, I’ll complete the template:

  • Project name: erth_exchange_centos
  • Team name: Operations
  • Environment name: dev
  • Agent (forest package) name & version: idk what’s this
  • Database type: mysql

I used let’s encrypt to sign the certificate, do you mean I need another certificate for DB access or is it the same I use for https?

Best regards,
Emiliano.

Hi @morganperre I solved this issue with the fix you share here.
I changed the database ssl options:

if (process.env.DATABASE_SSL && JSON.parse(process.env.DATABASE_SSL.toLowerCase())) {
  databaseOptions.dialectOptions.ssl = { 
    require: true,
    rejectUnauthorized: false 
  };
}

Thank you!!

Best regards,
Emiliano.

2 Likes

Hey @emisomoza!

Awesome that you find the issue. :clap:

For those using PosgresSql and willing to understand self-signed certificate for their DB here is a link explaining the options.

Have a nice experience with Forest Admin.

Kind regards,
Morgan