Cannot connect to php contatiner to mysql: ERROR 2026 (HY000): TLS/SSL error: self-signed certificate in certificate chain

tuulia · October 13, 2025, 11:10am

With the docker composer below I cannot conect to my mysql container from my php
container. I get error:

ERROR 2026 (HY000): TLS/SSL error: self-signed certificate in certificate chain

The mysql container works form my host:

docker exec -it my_project_mysql bash -c "mysql -u root -proot"

But not from the php container

docker exec --privileged -it   my_project_php  bash
5f47b4b8b4c7:/var/www# 
5f47b4b8b4c7:/var/www# mysql -h my_project_mysql
ERROR 2026 (HY000): TLS/SSL error: self-signed certificate in certificate chain

My docker.yml:

services:

 ####################################################################################################
    # PHP
    ####################################################################################################
    php:
        container_name: my_project_php
        build: .docker/php
        ports:
            - 5173:5173
        volumes:
            - .:/var/www:cached

        extra_hosts:
            - "host.docker.internal:host-gateway"

    ####################################################################################################
    # Nginx
    ####################################################################################################
    nginx:
        container_name: my_project_nginx
        image: nginx
        ports:
            - 8000:80
        volumes:
            - .:/var/www
            - .docker/nginx/default.conf:/etc/nginx/conf.d/default.conf
            - .docker/nginx/nginx.conf:/etc/nginx/nginx.conf
            - .docker/nginx/certs:/etc/nginx/ssl
        depends_on:
            - php

    ####################################################################################################
    # DATABASE (MySQL)
    # docker exec -it my_project_mysql bash -c "mysql -u root -proot"
    # for a sql client:  mysql -h localhost --protocol=tcp   -uroot -proot
    ####################################################################################################
    my_project_db:
        container_name: my_project_mysql
        image: mysql:8.0
        ports:
            - 3306:3306
        volumes:
            - .docker/db/data:/var/lib/mysql
            - .docker/logs:/var/log/mysql
            - .docker/db/my.cnf:/etc/mysql/conf.d/my.cnf
            - .docker/db/sql:/docker-entrypoint-initdb.d
        environment:
            MYSQL_ROOT_PASSWORD: root
            MYSQL_DATABASE: my_project_db_name
            MYSQL_USER: my_project_db_user
            MYSQL_PASSWORD: my_project_db_pass

I am not an expert and
I have been trouble shooting in the folder:
.docker/db/data/

My assumption is that the certifactions her are not correct, but I don’t know to go further.

bluepuma77 · October 13, 2025, 3:10pm

It seems you are using some kind of certificates. The error is clear: TLS/SSL error: self-signed certificate in certificate chain.

Either you have loaded the wrong TLS certs, self-signed instead of official issued ones. Or you need to import the self-signed certs into PHP container for it to trust them. Or you need to tell PHP to not verify the certs when connecting to DB, if that is an option in the database driver.

But it’s not a dedicated Docker issue.

rimelek · October 13, 2025, 6:32pm

I don1t think the mount you quoted is relevant here, since it is mounted to the nginx container and the PHP container will not need that. That must be the TLS cert to access the site from the webbrowser, which should not affect MySQL connection.

My guess is that there are some settings in my.cnf that enables TLS for the MySQL server but without mounting an actual TLS cert, it uses some kind of self-signed default cert.

@tuulia Have you tried the MySQL server without the custom configuration?

You could also check the MySQL container logs as I suspect the server would show a warning when it uses a self-signed cert.

tuulia · October 15, 2025, 12:13pm

Hi

Thanks

I tried the following but I still get the error.
But is is good to know that is is not a docker problem…
For me it looks like something has been corrupted on my host. This was working fine suddenly when
I started a new project, it does not work any more.

I deleted
- .docker/nginx/certs:/etc/nginx/ssl
from docker.yml:
I deleted the file
.docker/db/my.cnf
(when I run compose up -d, it is recreated)
I deleted all of the containers and images
I run compose up -d

tuulia · October 15, 2025, 2:54pm

I found a solution, which I can use on my dev server

mysql -hmy_project_mysql --ssl-verify-server-cert=false

Anyway thanks for your help bluepuma77 !

Topic		Replies	Views
Cannot connect from php container to mysql server (host or mysql container) General	2	41	October 24, 2025
Apache2 container with ldap auth via php General	0	1290	June 20, 2017
How to make mysql and php work together and without show the database password General dockerhub	0	1354	November 29, 2015
Self-signed cert error only in Docker container General	2	5795	November 22, 2020
Help connection containers General	1	672	June 14, 2018

Cannot connect to php contatiner to mysql: ERROR 2026 (HY000): TLS/SSL error: self-signed certificate in certificate chain

Related topics