Question

Error: self signed certificate in certificate

Posted January 5, 2022 176 views
Node.jsPostgreSQLDigitalOcean 1-Click Apps MarketplaceDatabasesDigitalOcean Managed PostgreSQL Database

My app cannot connect to the managed database instance I just created because of the following error:

[2022-01-05 11:20:18] yarn run v1.22.17
[2022-01-05 11:20:18] $ NODE_ENV=production node build/server.js
[2022-01-05 11:20:21] > App started http://localhost:3000
[2022-01-05 11:20:21] node:internal/process/promises:246
[2022-01-05 11:20:21]           triggerUncaughtException(err, true /* fromPromise */);
[2022-01-05 11:20:21]           ^
[2022-01-05 11:20:21] 
[2022-01-05 11:20:21] Error: self signed certificate in certificate chain
[2022-01-05 11:20:21]     at TLSSocket.onConnectSecure (node:_tls_wrap:1530:34)
[2022-01-05 11:20:21]     at TLSSocket.emit (node:events:390:28)
[2022-01-05 11:20:21]     at TLSSocket._finishInit (node:_tls_wrap:944:8)
[2022-01-05 11:20:21]     at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:725:12) {
[2022-01-05 11:20:21]   code: 'SELF_SIGNED_CERT_IN_CHAIN'
[2022-01-05 11:20:21] }
[2022-01-05 11:20:21] error Command failed with exit code 1.
[2022-01-05 11:20:21] info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

Inspired by: https://www.digitalocean.com/community/questions/mongonetworkerror-self-signed-certificate-in-certificate-chain

This is how I configured my connection:

    connection: {
      connectionString: DATABASE_URL,
      ssl: {
        ca: fs.readFileSync(CA_CERT).toString(),
      },
    },

I don’t want to set rejectUnauthorized: false, I want to use the certificate you provide.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer

Hi @akoskm,

I might be wrong but I think since it’s a self-signed certificate can’t be trusted as it’s not verified. (untrusted = not verified by a certificate authority)

I would not recommend setting this environment variable rejectUnauthorized: false in production as your application would not be trusted by users.

I think you can use free Let’s Encrypt certificates for this purpose as well.

Here is a similar question here:

https://www.digitalocean.com/community/questions/can-t-connect-via-nodejs-error-self-signed-certificate-in-certificate-chain

  • The problem is that you add ?sslmode=require to the connection strings and I can’t do anything about that.

    The node posgresql driver doc points out that if you append sslmode to the connection string, anything you put into ssl is ignored https://node-postgres.com/features/ssl.

    If any of these options are used then the ssl object is replaced and any additional options provided there will be lost.

    It’s a bummer that you recommend using DATABASE_URL in your docs but it can’t work by design with PostgreSQL & Node.