By Renaldy1979
Hello DigitalOcean Support Team,
I am experiencing a persistent issue connecting my Bun/Elysia backend application, deployed on the DigitalOcean App Platform, to my Managed PostgreSQL Database.
The application successfully builds and deploys, but any attempt to connect to the database (specifically during the sign-in/login route when a query is executed) fails with a security error.
The application logs repeatedly show the following error, which originates from the pg-pool
layer of the database driver:
error: self signed certificate in certificate chain
code: "SELF_SIGNED_CERT_IN_CHAIN"
Based on your documentation and standard PostgreSQL practice, I have already attempted the following solutions, but the error remains:
SSL Configuration in Code: Explicitly setting rejectUnauthorized: false
within the database connection pool configuration (src/db/client.ts
).
Environment Variable Override: Setting the global environment variable NODE_TLS_REJECT_UNAUTHORIZED=0
in the App Platform settings.
Connection String Override: Appending the parameters ?sslmode=require&rejectUnauthorized=0
directly to the DATABASE_URL
environment variable.
CA Certificate Injection: I attempted to pass the downloaded CA certificate string to the driver’s ssl.ca
property (both directly and encoded in Base64), but this also failed to resolve the chain validation error.
Since all application-level solutions have failed, it suggests the issue may be related to the way the PgBouncer (the connection pooler) is configured on the Managed Database side, or a specific requirement for the trusted certificate chain that is not being satisfied in the App Platform environment.
Could you please assist in troubleshooting the PostgreSQL connection? Specifically, I need to know:
Is there a unique method for passing the required SSL configuration when connecting from a DigitalOcean App to a Managed Database?
Are there any firewall rules or specific CA chain details that might be missing from the standard environment?
Thank you for your prompt attention to this critical issue.
Best regards,
Renaldy Sousa / renaldy.sousa@gmail.com
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Hi there,
When you attach a Managed PostgreSQL database to your App Platform service, DigitalOcean automatically injects the required environment variables, including DATABASE_URL
and DATABASE_CA_CERT
.
You don’t need to download anything manually. Instead of bundling the certificate file in your repo, you can reference DATABASE_CA_CERT
directly in your code, for example:
const pool = new Pool({
connectionString: process.env.DATABASE_URL,
ssl: {
rejectUnauthorized: true,
ca: process.env.DATABASE_CA_CERT,
},
});
This avoids filesystem issues and is the recommended way to connect from App Platform.
There’s also a helpful thread with more details here: https://www.digitalocean.com/community/questions/how-to-add-ssl-certificate-to-app-platform-environment-variables-in-order-to-connect-to-managed-database
SSL can’t be disabled for DigitalOcean Managed Databases, it’s always enforced.
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
Full documentation for every DigitalOcean product.
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.
New accounts only. By submitting your email you agree to our Privacy Policy
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.