Mongorestore error: "tls: private key does not match public key"


I have set up a mongodb sharded cluster on debian 10 on the port 28000 which is the mongos. I am trying to use mongodump and mongorestore and I am getting the error “error connecting to host: error configuring the connector: error configuring client, can't load client certificate: tls: private key does not match public key”.

The .pems I use are the same that I use successfully to connect within my nodejs app, mongosh, compass. However, it doesn’t work with mongodump & mongorestore.

This is the command I use, for example for mongorestore:

mongorestore --drop --preserveUUID --maintainInsertionOrder --stopOnError --uri="mongodb://" --ssl --sslPEMKeyFile="/player22/shared/ssl/cert-plus-key-decrypted.pem" --sslCAFile="/player22/shared/ssl/ca.pem" --username="backupUser" --password="<removed>" --authenticationDatabase="admin" --gzip --archive="toto.gz"

Do you know what is wrong? And what could make the same keys refused by mongorestore, but accepted by nodejs driver, mongosh, compass?


Edit: I have found this question with a similar issue, but no answer:

Edit: This is the mongos.conf I use to start the mongos instance. The ssl .pem files are the same that I use for mongodump/mongorestore, and that I use to connect successfully with other mongodb clients. I also forgot to specify that I use the latest stable version of everything.

# ***** mongos.conf for mongos node *****
# for documentation of all options, see:
# ***************************************
# + db node name: "node-mongos-mongos1"
# + creation date: "Sun 05 Dec 2021 08:26:48 AM UTC"
# ***************************************

# logging
systemLog:
    destination: file
    logAppend: true
    path: /player22/db/nodes/node-mongos-mongos1/log/mongos.log

# network interface
net:
    port: 28000
    bindIpAll: true

# how the process runs
processManagement:
    timeZoneInfo: /usr/share/zoneinfo

# authentication
security:
    keyFile: /player22/db/shared/config/mongodb.key

# sharding
sharding:
    configDB: rscfgsvr1/

# profiling
operationProfiling:
    # the slow operation time threshold, in milliseconds. Operations that run for longer than this threshold are considered slow.
    slowOpThresholdMs: 100
    # the fraction of slow operations that should be profiled or logged. operationProfiling.slowOpSampleRate accepts values between 0 and 1, inclusive.
    slowOpSampleRate: 1

# ssl
net:
   tls:
      mode: requireTLS
      certificateKeyFile: /player22/shared/ssl/cert-plus-key-decrypted.pem # ssl enabled between server nodes
      CAFile: /player22/shared/ssl/ca.pem # server also requires certificate from client

I found out it’s a mongodb bug. I’m not asking for an answer on the forum any more.
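mongodump and mongorestore are Go programs, and the message quoted in the question is the one Go's crypto/tls returns from `tls.X509KeyPair` when the private key does not pair with the first CERTIFICATE block it is given. The following is an added example, not part of the thread and not MongoDB's code: it reproduces that check on constructed certificates and reports which certificate in a combined PEM the key belongs to. `LoadErr`, `MatchingCerts` and `sample` are hypothetical names, and the thread does not say whether block order was the cause in this case.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// LoadErr feeds one combined PEM to tls.X509KeyPair as both certificate and key.
func LoadErr(c []byte) error { _, err := tls.X509KeyPair(c, c); return err }

// MatchingCerts lists the positions of the CERTIFICATE blocks the key pairs with.
// X509KeyPair checks the key against the first block only, so 0 has to be listed.
func MatchingCerts(combined []byte) (idx []int) {
	n := 0
	for b, rest := pem.Decode(combined); b != nil; b, rest = pem.Decode(rest) {
		if b.Type != "CERTIFICATE" {
			continue
		}
		if _, err := tls.X509KeyPair(pem.EncodeToMemory(b), combined); err == nil {
			idx = append(idx, n)
		}
		n++
	}
	return idx
}

// sample returns a constructed self-signed certificate and its key, PEM-encoded.
func sample() (cert, key []byte) {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, &k.PublicKey, k)
	kd, _ := x509.MarshalPKCS8PrivateKey(k)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: kd})
}

func main() {
	other, _ := sample() // constructed; stands in for a CA certificate placed first
	leaf, key := sample()
	bad := []byte(string(other) + string(leaf) + string(key))
	fmt.Println(LoadErr(bad), MatchingCerts(bad)) // mismatch error, key pairs with block 1
}
```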
