MongoDB failing after certificates are renewed

Hi, I am running MongoDB as a deployment (set up using the Enterprise Operator). I renewed the TLS certificates, updated the Kubernetes secret and restarted the workload, but I am seeing the following error on MongoDB:

{"logType":"mongodb","contents":"{\"t\":{\"$date\":\"2023-11-16T19:52:47.268+00:00\"},\"s\":\"E\",  \"c\":\"NETWORK\",  \"id\":23248,   \"ctx\":\"-\",\"msg\":\"Cannot read certificate file\",\"attr\":{\"keyFile\":\"/mongodb-automation/tls/ZWMUG3LULZQCV47WAHBGAUZKTM2HZND64KSLPGANGVEISVN6CNNQ\",\"error\":\"error:02001002:system library:fopen:No such file or directory\"}}"}
{"logType":"mongodb","contents":"{\"t\":{\"$date\":\"2023-11-16T19:52:47.268+00:00\"},\"s\":\"F\",  \"c\":\"CONTROL\",  \"id\":20574,   \"ctx\":\"-\",\"msg\":\"Error during global initialization\",\"attr\":{\"error\":{\"code\":140,\"codeName\":\"InvalidSSLConfiguration\",\"errmsg\":\"Can not set up PEM key file.\"}}}"}

It seems MongoDB is still referencing the old certificate file, which is no longer present, instead of using the new certificate file.

Looks like it’s not finding the file(s).

Does your entry in mongod.conf under net: tls: match your new certificate and key file?

Thanks Jack_Woehr for the input. Actually this issue has been resolved.

Solution:

  • Upgrade MongoDB Enterprise operator from 1.20.0 to 1.22.0
  • Set “MDB_AUTOMATIC_RECOVERY_BACKOFF_TIME_S” and “MDB_AUTOMATIC_RECOVERY_ENABLE” as environment variables in MongoDB Operator

So initially the problem was that, after renewing the MongoDB cert and updating the k8s secret that stored this cert, MongoDB was trying to refer to the old cert file, which was no longer present in the file system. After applying the above steps, MongoDB picked up the new cert file and the MongoDB service started fine.

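The two log lines in the question are mongod structured-log records wrapped in an outer JSON envelope, so the failing path is easy to miss by eye. As an added example (not part of the original thread and not the operator's own tooling), this script unwraps that envelope and reports which TLS file mongod could not read and whether startup aborted on it; the function names are made up for illustration and the sample lines are shortened copies of the ones posted above.

```python
import json

# Log ids as they appear in the two lines posted in the question.
CERT_READ_FAILED = 23248    # "Cannot read certificate file"
GLOBAL_INIT_FAILED = 20574  # "Error during global initialization"

def wrap(record):
    """Build the outer envelope seen in the thread: inner JSON stored as a string."""
    return json.dumps({"logType": "mongodb", "contents": json.dumps(record)})

# Constructed sample: shortened copies of the posted records plus one junk line.
SAMPLE = [
    wrap({"s": "E", "c": "NETWORK", "id": 23248, "msg": "Cannot read certificate file",
          "attr": {"keyFile": "/mongodb-automation/tls/ZWMUG3LULZQCV47WAHBGAUZKTM2HZND64KSLPGANGVEISVN6CNNQ",
                   "error": "error:02001002:system library:fopen:No such file or directory"}}),
    "constructed non-JSON line that must be skipped",
    wrap({"s": "F", "c": "CONTROL", "id": 20574, "msg": "Error during global initialization",
          "attr": {"error": {"code": 140, "codeName": "InvalidSSLConfiguration",
                             "errmsg": "Can not set up PEM key file."}}}),
]

def unwrap(line):
    """Return the inner mongod record as a dict, or None if the line is not one."""
    try:
        outer = json.loads(line)
        if not isinstance(outer, dict) or outer.get("logType") != "mongodb":
            return None
        inner = json.loads(outer["contents"])
    except (ValueError, KeyError, TypeError):
        return None
    return inner if isinstance(inner, dict) else None

def tls_startup_failures(lines):
    """Collect unreadable TLS file paths and whether startup aborted on TLS config."""
    missing, fatal = [], False
    for line in lines:
        rec = unwrap(line)
        if rec is None:
            continue
        attr = rec.get("attr", {})
        if rec.get("id") == CERT_READ_FAILED:
            missing.append((attr.get("keyFile"), attr.get("error")))
        elif rec.get("id") == GLOBAL_INIT_FAILED:
            code_name = attr.get("error", {}).get("codeName")
            fatal = fatal or code_name == "InvalidSSLConfiguration"
    return {"missing": missing, "fatal_tls_config": fatal}

if __name__ == "__main__":
    print(json.dumps(tls_startup_failures(SAMPLE), indent=2))
```

Comparing the reported path with the files actually present in the mounted TLS directory shows whether mongod is still configured with a file name from before the renewal.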