I use LetsEncrypt certificates for all my services, and mount those certificates against the Percona MySQL docker container:
volumes: - /path/to/certs/:/etc/my.cnf.d/certs/:ro
[mysqld] ssl_cert = "/etc/my.cnf.d/certs/fullchain.pem" ssl_key = "/etc/my.cnf.d/certs/privkey.pem"
If I update those certificates in the Host, do I need to do anything on the container, such as either restarting or run “FLUSH SSL;”, or will the container handle the certificates being updated?
Also, I noticed that even though I have my own certificates, Percona has gone ahead and generated some Server and Client certificates inside the local /var/lib/mysql/ folder. I wonder if it’s really using my own certificates, although the paths seem to be the ones I provided, when I look at the live variables on the server. So I’m not sure what the certificates created inside /var/lib/mysql/ are used for.