MongoDB: SSL/TLS handshake failed and No suitable servers found

Question

So I've a bit of a problem relating to Mongo and SSL Certificates. NOT hosting the mongo instance (other answers aimed at self-hosters).

The error am getting is:

PHP Fatal error: Uncaught MongoDB\Driver\Exception\ConnectionTimeoutException: 
No suitable servers found (`serverSelectionTryOnce` set): 
[TLS handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed calling ismaster on 'x.y.mongodb.net:27017'] [TLS handshake failed ...........

How do you resolve this? Next step is to reach out to Mongo Support and this could be time consuming so any info is much appreciated.

Answer 1

Mongo Atlas recently changed root certificates from IdenTrust to ISRG. They rotate certificates every 45 days. Your cluster started to use new root CA on the last scheduled rotation.

Something like this should tell you what CN is being used:

echo | openssl s_client -showcerts -connect x.y.mongodb.net:27017 2> /dev/null | grep -E "(Certificate|CN\s*=|O\s*=)"

Check if you have any notifications like "Changes to MongoDB Atlas TLS root certificate" in your inbox. It should have detailed information regarding the change communicated well in advance.

Otherwise please reach out to the support team by chat in Atlas UI or by email. I am sure they have playbooks for your case and it won't take much time.