When connecting using Cloud SQL Proxy, ERROR 2013 (HY000): Lost connection to MySQL server at error occurs

Question

ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0 "Internal error/check (Not system error)"

· The OS is debian 8. · Cloud SQL and Compute Engine are identical projects. · The Compute Engine instance has full API access rights. · We also set up Cloud SQL Admin.

sudo apt-get update sudo apt-get install mysql-client

wget https://dl.google.com/cloudsql/cloud_sql_proxy.linux.amd64 -O cloud_sql_proxy chmod +x cloud_sql_proxy

Connection is OK.

mysql --host=[INSTANCE_IP_ADDR] --user=root --password

TCP socket

./cloud_sql_proxy -instances==tcp:3306

The following error occurs.

$ mysql -u root -p --host 127.0.0.1 --port 3306 Enter password: ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0 "Internal error/check (Not system error)"

---

2018/07/24 06:57:43 Listening on 127.0.0.1:3306 for xxxxxx:asia-east1:xxxxxx 2018/07/24 06:57:43 Ready for new connections 2018/07/24 06:59:16 New connection for "xxxxxxx:asia-east1:xxxxxx" 2018/07/24 06:59:17 couldn't connect to "xxxxxxx:asia-east1:xxxxx": x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "Google Cloud SQL Server CA")

I can not solve the connection error, I am in trouble. Help me.

---

Thank you for your instruction. I tried using the credential_file option, but a similar error occurs.

sudo vi xxxxx917672.json

./cloud_sql_proxy -instances=xxxxxx:asia-east1:xxxxxx:3306 -credential_file=xxxxxxxxx917672.json

---

$ ./cloud_sql_proxy -instances=xxxxxx:asia-east1:xxxxxxx=tcp:3306 -credential_file=xxxxxxx917672.json 2018/07/24 09:23:48 using credential file for authentication; email=xxxxxxxxx@developer.gserviceaccount.com 2018/07/24 09:23:48 Listening on 127.0.0.1:3306 for v

---

$ mysql -u root -p --host 127.0.0.1 --port 3306 Enter password: ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0

2018/07/24 09:25:57 New connection for "xxxxxx:asia-east1:xxxxxxx" 2018/07/24 09:25:58 couldn't connect to "xxxxx:asia-east1:xxxxxxx": x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "Google Cloud SQL Server CA")

---

Compute Engine default service account, because the key was not created, the key is created and executed by json. Also, from the details of Compute Engine's VM instance, we confirm permission to service account and full access right to all Cloud APIs.

Is there anything wrong with the setting?

---

Answer 1

I've had the same problem with "certificate signed by unknown authority" after MySQL update in GCP. What helped in my case was to reset SSL configuration (Google Cloud Console -> SQL -> choose instance -> CONNECTIONS (tab) -> Reset SSL configuration). After that everything was as before the update.

Before I've tried that, I had also generated a new certificate for service account used to connect to the instance but this single change alone did not helped.

Answer 2

Change the timeout connection in haproxy.cfg from 3500ms to 5s.

Answer 3

It's necessary to provide credentials to the proxy. Take a look at:

https://cloud.google.com/sql/docs/mysql/sql-proxy#authentication-options