New DB, MySql connection problems

[Nicola Urbinati]

Hi,

I continue to have problems about mysql connections from domains.

I have the domain (domain.com) behind cloudflare.
I add a A record in there, for the subdomain (sub.domain.com).
From WHM/terminal, I check the subdomain is found by

ping sub.domain.com

From cPanel, with the owner of the domain, I add the subdomain.
From cPanel, I install wordpress (for example) via Softacoulous.

From inside that cPanel user I can't connect to the db created with the user created, nor though terminal nor through PHP.
From terminal:

mysql -u user -p

ERROR 2026 (HY000): SSL connection error: SSL_CTX_set_default_verify_paths failed

From WHM/terminal, I can connect.

Other DBs for the same cPanel user work fine.

 

[cPanelLauren]

Hi @Nicola Urbinati

Can you show me what's in /etc/my.cnf? It looks like you've set an SSL only connection to MySQL

 

[Nicola Urbinati]

Hi @cPanelLauren

Actually yes, I do have set SSL only connection.

Thing is, other mysql users/dbs from same cpanel user are accessible, and that mysql user/db is accessible from whm/root.

I'll get my.cnf in some minutes if you need to see It.

Thank you.

 

[Nicola Urbinati]

@cPanelLauren here it is, my.cnf

[mysql]
port                            = 3306
socket                          = /var/lib/mysql/mysql.sock
ssl
ssl-cipher=DHE-RSA-AES256-SHA
ssl-ca=/etc/mysql_keys/ca-cert.pem
ssl-cert=/etc/mysql_keys/server-cert.pem
ssl-key=/etc/mysql_keys/server-key.pem

[mysqld]

# Required Settings
basedir                         = /usr
bind_address                    = 127.0.0.1
datadir                         = /var/lib/mysql
max_allowed_packet              = 256M
max_connect_errors              = 1000000
pid_file                        = /var/lib/mysql/mysql.pid
port                            = 3306
skip_external_locking
socket                          = /var/lib/mysql/mysql.sock
tmpdir                          = /tmp
user                            = mysql
ssl
ssl-cipher=DHE-RSA-AES256-SHA
ssl-ca=/etc/mysql_keys/ca-cert.pem
ssl-cert=/etc/mysql_keys/server-cert.pem
ssl-key=/etc/mysql_keys/server-key.pem
local-infile=0

# InnoDB Settings
default_storage_engine          = InnoDB
innodb_buffer_pool_instances    = 16
innodb_buffer_pool_size         = 24G
innodb_file_per_table           = 1
innodb_flush_log_at_trx_commit  = 0
innodb_flush_method             = O_DIRECT
innodb_log_buffer_size          = 16M
innodb_log_file_size            = 2G
innodb_thread_concurrency      = 6

# MyISAM Settings
query_cache_limit               = 4M
query_cache_size                = 50M
query_cache_type                = 1

key_buffer_size                 = 48M

low_priority_updates            = 1
concurrent_insert               = 2

# Connection Settings
max_connections                 = 100

back_log                        = 512
thread_cache_size               = 100
thread_stack                    = 192K

interactive_timeout             = 180
wait_timeout                    = 180

# Buffer Settings
join_buffer_size                = 4M
read_buffer_size                = 3M
read_rnd_buffer_size            = 4M
sort_buffer_size                = 4M

table_definition_cache          = 20000
table_open_cache                = 20000
open_files_limit                = 60000

max_heap_table_size             = 128M
tmp_table_size                  = 128M

# Search Settings
ft_min_word_len                 = 3

# Logging
log_error                       = /var/lib/mysql/mysql_error.log
log_queries_not_using_indexes   = 1
long_query_time                 = 5
slow_query_log                  = 0
slow_query_log_file             = /var/lib/mysql/mysql_slow.log

[mysqldump]
quick
quote_names
max_allowed_packet              = 64M

[client]
ssl
ssl-cert=/etc/mysql_keys/client-cert.pem
ssl-key=/etc/mysql_keys/client-key.pem

 

[Nicola Urbinati]

It's not related to the subdomain, it seems, just to the cPanel user.

cPanel 80.0.13, CloudLinux release 7.6, MySQL Server version: 5.7.26-cll-lve

From the cPanel user, I created a new DB, a new user, associated user-db.
I cannot access the db from cPanel/terminal.

PS: We're going to substitute the "ssl" option in my.cnf with the new ssl-mode (probably REQUIRED) option.

Shouldn't I be able to access mysql, having the ssl stuff in the [client] section of my.cnf? I can access all "old" dbs, just new ones fail.
Is it something to do with cloudflare, even if it's a local connection?

 

[Nicola Urbinati]

Update:

Suddenly, the DB created yesterday begun accepting connections.

Still guessing why there's this time offset.

 

[cPanelLauren]

I wonder, did you relbuild cagefs after adding the database etc?

 

[Nicola Urbinati]

Hi @cPanelLauren,

No manual cagefs rebuild, maybe the update to 80.0.13?

 

[cPanelLauren]

It could be that, but if you run into any more trouble with it please let us know @Nicola Urbinati