Watch keynotes and sessions from MongoDB.live, our virtual developer conference.

"certificate has expired" Response from known working certificate

Hello,

We use a wildcard certificate for enabling tls encryption between our web app and our mongodb instance running inside of a docker container on a remote server. Until recently, it was working fine until it began to return “MongoServerSelectionError: certificate has expired”. However we use this same wildcard certificate across multiple services and they have been functioning normally. Is there another reason why mongodb would generate this response?

Welcome to the community @Matthew_Piccinich!

What specific MongoDB driver & version are you using and how recently did you start seeing the certificate expiry error?

One possibility is that your wildcard certificate was signed with an intermediate or root certificate that has expired. If so, the solution would be updating the certificate trust store for any affected environments.

For example, Sectigo (formerly known as Comodo) had a root certificate which expired on the weekend: Sectigo AddTrust External CA Root Expiring May 30, 2020. This would not be an issue for clients with updated trust stores, but could cause a scenario where clients with outdated trust stores would no longer be able to verify valid certificates.

Regards,
Stennie

Hello Stennie,

What specific MongoDB driver & version are you using?

We’re using MongoDB 4.2, I’ve started the mongodb instance via the latest mongodb docker image available.

How recently did you start seeing the certificate expiry error?

It started happening yesterday and we use a certificate issued by Sectigo.

It looks like you’ve pointed me in the right direction Stennie.

Thank You!