AWS RDS SSL Certificates are not trusted #80484

Open
@selfsimilar

Description

Name and Version

bitnami/wordpress:6.8.2

What architecture are you using?

amd64

What steps will reproduce the bug?

When trying to get this image running in a Fargate (AWS managed ECS/Kubernetes) cluster, I can only connect to an RDS instance if I set MYSQL_CLIENT_ENABLE_SSL_WRAPPER=no. If I log in to a running container and try to manually run mysql -h app.abc123.us-east-1.rds.amazonaws.com -P 3306 -u username -p I get

ERROR 2026 (HY000): TLS/SSL error: Certificate verification failure: The certificate is NOT trusted.

My guess is that the root certificate store for this image doesn't include the three current RDS certificate authorities as roots:

  • rds-ca-rsa2048-g1 (expires May 25, 2061)
  • rds-ca-ecc384-g1 (expires May 25, 2121)
  • rds-ca-rsa4096-g1 (expires May 25, 2121)

What is the expected behavior?

You should be able to connect to the RDS instance without an SSL certificate error.

What do you see instead?

PHP logs are all I see in Cloudwatch, which just say "Could not connect to the database" without other details.
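The alternative to setting MYSQL_CLIENT_ENABLE_SSL_WRAPPER=no is to give the client the trust anchors it is missing. The following is an added example, not code from the bitnami/wordpress image or from the issue author: it fetches Amazon's published RDS trust bundle (https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem, which contains the rds-ca-rsa2048-g1, rds-ca-ecc384-g1 and rds-ca-rsa4096-g1 roots for every region), sanity-checks it, tests the chain with openssl's MySQL STARTTLS mode, and connects with server-certificate verification enforced rather than disabled. It assumes curl, openssl and a MariaDB-flavoured mysql client are available in the container; the function names are mine.

```shell
#!/bin/sh
# Added example (not part of the bitnami/wordpress image): trust the RDS CAs
# explicitly instead of turning TLS verification off.
set -eu

# AWS's published bundle covering all regional RDS certificate authorities.
RDS_BUNDLE_URL="https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem"

# Count PEM certificate blocks in a bundle file. Zero means the download
# failed, the path is wrong, or the file is not PEM at all.
pem_cert_count() {
    # grep -c prints 0 but exits 1 on no match; keep the 0 and do not abort.
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Download the bundle if it is not already present, then sanity-check it.
# Prints the number of certificates found on success.
fetch_rds_bundle() {
    dest="$1"
    if [ ! -s "$dest" ]; then
        curl -fsSL -o "$dest" "$RDS_BUNDLE_URL"
    fi
    n=$(pem_cert_count "$dest")
    [ "$n" -gt 0 ] || { echo "no certificates in $dest" >&2; return 1; }
    echo "$n"
}

# Perform a TLS handshake with the RDS endpoint using the bundle as the trust
# store and print openssl's verification verdict. -starttls mysql makes
# s_client speak the MySQL protocol's TLS upgrade, so this isolates the
# certificate problem from any credential problem.
check_rds_chain() {
    host="$1"; port="$2"; bundle="$3"
    openssl s_client -connect "$host:$port" -starttls mysql \
        -CAfile "$bundle" </dev/null 2>/dev/null | grep 'Verify return code'
}

# Connect with the certificate chain and hostname verified against the bundle.
# --ssl-verify-server-cert is the MariaDB client flag; the Oracle MySQL 8
# client uses --ssl-mode=VERIFY_IDENTITY for the same effect.
mysql_rds() {
    host="$1"; user="$2"; bundle="$3"; shift 3
    mysql -h "$host" -P 3306 -u "$user" \
        --ssl-ca="$bundle" --ssl-verify-server-cert "$@"
}

# Typical use inside the container (hostname and user are placeholders):
#   fetch_rds_bundle /opt/bitnami/rds-global-bundle.pem
#   check_rds_chain app.abc123.us-east-1.rds.amazonaws.com 3306 /opt/bitnami/rds-global-bundle.pem
#   mysql_rds app.abc123.us-east-1.rds.amazonaws.com username /opt/bitnami/rds-global-bundle.pem -p
```

If check_rds_chain reports "Verify return code: 0 (ok)" with the bundle but a non-zero code without -CAfile, the missing trust anchors are confirmed as the cause; the bundle can then be baked into the image or mounted into the task and passed to the client, which keeps the connection verified instead of merely encrypted.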

Labels: tech-issues (The user has a technical issue about an application), triage (Triage is needed), wordpress