Question

Problems with Certs

When I try to make a call to my DO PostGres database from my DO App, I get an error: {“code”:“SELF_SIGNED_CERT_IN_CHAIN”}

I’ve got the CA-Cert setup in my database connection:

databaseConfig = {
    host: process.env.DBhost,
    port: process.env.DBport,
    database: process.env.database,
    user: process.env.DBusername,
    password: process.env.DBpassword,
    ssl: {
        rejectUnauthorized: true,
        ca: process.env.CA_CERT,
    },
    sslmode: 'require'
   };
   

Here are the summaries of what I have working: Build & Deploy: Local System: Good DO Hosted App: Good

Non-PostGres Pinging Request: Local System: Good DO Hosted App: Good

DO PostGres Pinging Request: Local System: Good DO Hosted App: Fail {“code”:“SELF_SIGNED_CERT_IN_CHAIN”}

This suggests that the DO Host alone can’t connect for some reason.

I’ve tried changing node middleware - no effect.

I’ve tried the VPC approach but I can’t seem to add my App to it and it shouldn’t matter anyway.

I’ve tried to add my own Let’s Encrypt certs to the DO App, but don’t have Sudo access and it shouldn’t matter anyway.

What do I need to do to make this work?

Show comments

Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

Got it to work! Needed the SSL cert in file form, not in an environment variable.

KFSys
Site Moderator
Site Moderator badge
February 4, 2024

Heya,

You are correct, you’ll need your SSL cet in file form.

Additionally, regarding App Platform, if anyone stublmes upon this question, If you are using the DigitalOCean App Platform this is all done automatically. With the App Platform, DigitalOcean creates, manages, and renews your SSL certificates automatically.

This comment has been deleted

    Try DigitalOcean for free

    Click below to sign up and get $200 of credit to try our products over 60 days!

    Sign up

    Get our biweekly newsletter

    Sign up for Infrastructure as a Newsletter.

    Hollie's Hub for Good

    Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

    Become a contributor

    Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

    Welcome to the developer cloud

    DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

    Learn more
    DigitalOcean Cloud Control Panel