By jorge
I have an Express.js app trying to connect to a managed Postgres db. However the connection fails with the following cert error:
ERROR (16): Database connection failed
err: {
"type": "Error",
"message": "self-signed certificate in certificate chain",
"stack":
Error: self-signed certificate in certificate chain
at TLSSocket.onConnectSecure (node:_tls_wrap:1677:34)
at TLSSocket.emit (node:events:519:28)
at TLSSocket._finishInit (node:_tls_wrap:1076:8)
at ssl.onhandshakedone (node:_tls_wrap:862:12)
"code": "SELF_SIGNED_CERT_IN_CHAIN"
}
After some searching it looks like I need to pass in the db’s cert when configuring the connection:
export const db = pgp({
connectionString: DB_CONNECTION_STR,
connect_timeout: 15000, // 15 seconds
ssl: {
rejectUnauthorized: true,
ca: process.env.CA_CERT,
},
});
I also created an environment variable that mapped the value of ${<my-db-name>.CA_CERT} to CA_CERT as described in this article: https://docs.digitalocean.com/products/app-platform/how-to/use-environment-variables/#databases
I replaced <my-db-name> with the name of my managed Postgres instance. When creating the db, I just went with the autogenerated name. This is not my actual db’s name, but it has the same format: db-postgresql-sfo-1000
However, I can’t get the value of the ${db-postgresql-sfo-1000.CA_CERT} expression to evaluate to the correct value. When I write process.env.CA_CERT out to console log I get back the string ‘${db-postgresql-sfo-1000.CA_CERT}’. My guess is that the db name part of the value is not correct. The autogenerated name has hyphens so I tried underscores, but that didn’t help. How can I find what the right value for the ${<my-db-name>.CA_CERT} expression is that I should use?
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Hi there,
Are you doing this during the build process or during the run stage?
Keep in mind that Database values are not available during build time but are available at runtime as mentioned here in the docs:
https://docs.digitalocean.com/products/app-platform/how-to/use-environment-variables/#databases
If this is not the case, there has been a similar discussion here about the same use-case:
The solution that the user mentioned was to switch to using Pool from pg:
export const pool = new Pool({
user: process.env.DB_USERNAME,
host: process.env.DB_HOSTNAME,
database: process.env.DATABASE,
password: process.env.DB_PASSWORD,
port: Number(process.env.DB_PORT),
ssl: {
rejectUnauthorized: true,
ca: process.env.CA_CERT,
},
})
Let me know how it goes!
- Bobby
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.