Compose and Let’s Encrypt Certificates

By: Dr. Abdullah Alger

Let’s Encrypt-enabled database connections

IBM Compose has been working hard on giving you a better, safer, and cleaner way to connect to your databases by using Let’s Encrypt-enabled database connections. We are now in the process of releasing LE-enabled connection strings for most MongoDB, RabbitMQ, Elastisearch, etcd, Redis, Scylla, and JanusGraph deployments.

What about your current connection strings? Your current * connection strings will still work with your self-signed certificate. We are not turning off the switch, just changing their presentation and guiding you towards a better way to connect. If you already have LE enabled on your deployment, great, your LE-enabled connection strings won’t change and will continue to work.

So, if you’re using the * connection strings, your Connection Strings panel will look like this with the SSL Certificate tab (this is an example from Compose for MongoDB):

this is an example from Compose for MongoDB

Then your Connection Strings panel will look like the following with * connection strings and without an SSL Certificate tab.

Connection Strings panel will look like the following with * connection strings and without an SSL Certificate tab.

The self-signed certificate is no longer present because it’s not needed. That means that instead of using a self-signed certificate to connect to your deployment, simply provide the new LE-enabled connection strings to your driver without the self-signed certificate. Remember to use both connection strings for high availability.

If you’re using VCAP and want to use LE-enabled connection strings, you’ll need to regenerate your VCAP credentials so that they reflect the connection string change.

For any assistance, our support team is happy to help you out. Just create a ticket by emailing

Be the first to hear about news, product updates, and innovation from IBM Cloud