Setting up TLS (Not self signed)

Hello!

I’m trying to set up MongoDB with support for TLS. I have been following the guides but I cannot get it to work.
I followed the guide to create a test CA, that worked somewhat (I got an error from mongosh reading self signed certificate). However, I’d like to not use self signed certificated.
Preferably I’d use Cloudflare (Or possibly LetsEncrypt), but whatever I seem to do, I get errors saying unable to verify the first certificate

My latest approach was:

  • Create my own private key
  • Create a certificate signing request based on the private key (Using FQDN mongo.example.com)
  • Hand the CSR to Cloudflare and have Cloudflare turn it into a certificate
  • Combine the certificate from Cloudflare with the private key generated earlier
  • Also tried downloading Cloudflare’s root cert to use as the CA File, but that didn’t work either

I doubt that it matters, but internally I use nginx to stream mongo.example.com:27017 to mongo:27017 which is a docker container

If anyone is willing to guide me through this a bit more, that would be greatly appreciated!