Error: self signed certificate in certificate chain for Meteor 1.11

Hello everyone,
we’ve updated our app from 1.8 to 1.11 and now we have the following issue with the app deployed into GCP:

MongoNetworkError: failed to connect to server [xxx.appdomain.cloud:xxxxx] on first connect [Error: self signed certificate in certificate chain
W20200914-12:13:33.717(-4)? (STDERR)     at TLSSocket.onConnectSecure (_tls_wrap.js:1501:34)
W20200914-12:13:33.717(-4)? (STDERR)     at TLSSocket.emit (events.js:315:20)
W20200914-12:13:33.717(-4)? (STDERR)     at TLSSocket._finishInit (_tls_wrap.js:936:8)
W20200914-12:13:33.718(-4)? (STDERR)     at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:710:12) {
W20200914-12:13:33.718(-4)? (STDERR)   name: 'MongoNetworkError'
W20200914-12:13:33.718(-4)? (STDERR) }]

I’ve checked other threads for the topic, all of them suggest to add a specific section into the METEOR_SETTINGS. We use Docker containers, I can confirm that the METEOR_SETTINGS variable is set and we’ve tried the following 3 variants:

  1. Just ignore invalid certs…
{
  "public": {
   ...
  },
  "private": {
   ...
  },
  "packages": {
    "mongo": {
      "options": {
        "tlsAllowInvalidCertificates": true
      }
    }
  }
}

  1. Use cert from /private/mongo_cert.pem. I can confirm that the certificate is a valid one as I was able to connect to our Mongo DB using it. I can also confirm I see this cert deployed, so the file is available.
{
  "public": {
   ...
  },
  "private": {
   ...
  },
  "packages": {
    "mongo": {
      "options": {
        "tls": true,
        "tlsCAFileAsset": "mongo_cert.pem"
      }
    }
  }
}

  1. Just forget about certs at all
{
  "public": {
   ...
  },
  "private": {
   ...
  },
  "packages": {
    "mongo": {
      "options": {
         "tlsInsecure": true      
      }
    }
  }
}

None of the options described above seems to be working for us, we still got the error described above.

Please advice… help is very much appreciated.
Thank you!

Ok… A quick-fix that seems to be working is to add &tlsInsecure=true to your MongoDB URI. Still looking for the correct way to fix it though.