The `wp db reset` command results with "ERROR 2026 (HY000): TLS/SSL error: self-signed certificate in certificate chain"

## Bug Report

- [x] Yes, I reviewed the [contribution guidelines](https://make.wordpress.org/cli/handbook/contributing/).
- [x] Yes, more specifically, I reviewed the guidelines on [how to write clear bug reports](https://make.wordpress.org/cli/handbook/bug-reports/).

**Describe the current, buggy behavior**

With the latest version of wp-cli (2.12.0), I'm unable to run the `wp db reset` command without getting an error related to TLS. Using the `mysql:8.0` docker image, the command results with:

```
ERROR 2026 (HY000): TLS/SSL error: self-signed certificate in certificate chain
```

I have to rollback to version 2.10.0 to have it working.

**Steps to reproduce**

- Download a brand new WP core package:

```bash
mkdir test-wpcli && cd test-wpcli
wget https://wordpress.org/latest.zip
unzip latest.zip
cd wordpress
cp wp-config-sample.php wp-config.php
```

- Edit wp-config.php:
  - define( 'DB_NAME', 'wpcli' );
  - define( 'DB_USER', 'root' );
  - define( 'DB_PASSWORD', '' );
  - define( 'DB_HOST', 'db' );

- Create the following docker-compose.yml file:

```yml
services:
  db:
    image: mysql:8.0
    command: --authentication-policy=mysql_native_password
    environment:
      MYSQL_ALLOW_EMPTY_PASSWORD: 'yes'
      MYSQL_DATABASE: wpcli
    healthcheck:
      test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
      interval: 2s
      timeout: 2s
      start_period: 30s
      retries: 30

  wordpress-cli:
    image: wordpress:cli-2.12.0-php8.4
    depends_on:
      db:
        condition: service_healthy
    volumes:
      - .:/var/www/html
    command: wp db reset --yes
```

- Run the `wp db reset` command

```bash
docker compose run --rm wordpress-cli
```
You should get the following error:

```
Error: Failed to get current SQL modes. Reason: ERROR 2026 (HY000): TLS/SSL error: self-signed certificate in certificate chain
```

If you disable SSL on the mysql service with `--ssl=0`:

```yml
db:
  command: --authentication-policy=mysql_native_password --ssl=0
```

The error message will change to:

```
Error: Failed to get current SQL modes. Reason: ERROR 2026 (HY000): TLS/SSL error: SSL is required, but the server does not support it
```

I have not been able to find a way to tell `wp db reset` to not use SSL.

**Describe what you would expect as the correct outcome**

The command should run without error and result with: `Success: Database reset.`

This is what I get if I use the `wordpress:cli-2.10.0-php8.2` docker image.

**Let us know what environment you are running this on**

I'm running docker on a Ubuntu 22.04 server host.

**Provide a possible solution**

It may be related to: https://github.com/wp-cli/db-command/issues/278



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

The `wp db reset` command results with "ERROR 2026 (HY000): TLS/SSL error: self-signed certificate in certificate chain" #288

Bug Report

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

The wp db reset command results with "ERROR 2026 (HY000): TLS/SSL error: self-signed certificate in certificate chain" #288

Description

Bug Report

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

The `wp db reset` command results with "ERROR 2026 (HY000): TLS/SSL error: self-signed certificate in certificate chain" #288