DT
Drizzle Team15mo ago
laubonghaudoi

Error: self signed certificate in certificate chain

Hello, I am a new user of drizzle and trying to run the command for the first time: 
drizzle-kit introspect:pg
drizzle-kit introspect:pg
But I got this error 
[⣟] 0 tables fetching
[⣟] 0 columns fetching
[⣟] 0 enums fetching
[⣟] 0 indexes fetching
[⣟] 0 foreign keys fetching
Error: self signed certificate in certificate chain
    at TLSSocket.onConnectSecure (node:_tls_wrap:1530:34)
    at TLSSocket.emit (node:events:390:28)
    at TLSSocket._finishInit (node:_tls_wrap:944:8)
    at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:725:12) {
  code: 'SELF_SIGNED_CERT_IN_CHAIN'
}
[⣟] 0 tables fetching
[⣟] 0 columns fetching
[⣟] 0 enums fetching
[⣟] 0 indexes fetching
[⣟] 0 foreign keys fetching
Error: self signed certificate in certificate chain
    at TLSSocket.onConnectSecure (node:_tls_wrap:1530:34)
    at TLSSocket.emit (node:events:390:28)
    at TLSSocket._finishInit (node:_tls_wrap:944:8)
    at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:725:12) {
  code: 'SELF_SIGNED_CERT_IN_CHAIN'
}
I am connecting drizzle to my Supabase instance, and my config file is like this 
import type { Config } from "drizzle-kit";

export default {
  schema: "./src/schema.ts",
  driver: "pg",
  out: "./drizzle",
  dbCredentials: {
    host: process.env.host,
    port: 5432,
    user: "postgres",
    password: process.env.password,
    database: "postgres",
    ssl: true,
  },
} satisfies Config;
import type { Config } from "drizzle-kit";

export default {
  schema: "./src/schema.ts",
  driver: "pg",
  out: "./drizzle",
  dbCredentials: {
    host: process.env.host,
    port: 5432,
    user: "postgres",
    password: process.env.password,
    database: "postgres",
    ssl: true,
  },
} satisfies Config;
I have already enabled ssl, why does this happen and how to resolve this?
21 Replies
phoenisx
phoenisx15mo ago
Related to https://github.com/drizzle-team/drizzle-orm/issues/831#issue-1781522128 Even I am trying to find how to connect to Remote Postgres (Encrypted), from localhost using Drizzle
GitHub
[BUG]: dbCredentials.ssl is not working while introspecting · Iss...
What version of drizzle-orm are you using? 0.27.0 What version of drizzle-kit are you using? 0.19.2 Describe the Bug The ssl option is not working while running introspect, // drizzle.config.ts exp...
laubonghaudoi
laubonghaudoi14mo ago
So it’s not a drizzle problem?
archer
archer14mo ago
Also having this issue...
rphlmr ⚡
rphlmr ⚡14mo ago
Hello I'm a Supabase user too 
import type { Config } from "drizzle-kit";
 
export default {
  schema: "./src/schema/*",
  out: "./drizzle",
  driver: 'pg',
  dbCredentials: {
    connectionString: "postgresql://postgres:PASSWORD@db.xxxx.supabase.co:5432/postgres",
  }
} satisfies Config;
import type { Config } from "drizzle-kit";
 
export default {
  schema: "./src/schema/*",
  out: "./drizzle",
  driver: 'pg',
  dbCredentials: {
    connectionString: "postgresql://postgres:PASSWORD@db.xxxx.supabase.co:5432/postgres",
  }
} satisfies Config;
Works great. Any reason you don't use the connection string?
laubonghaudoi
laubonghaudoi14mo ago
I tried using connection string too but it asks for SSL. I guess your supabase db doesnt require SSL connection?
rphlmr ⚡
rphlmr ⚡14mo ago
Will see asap, it is not a fresh db, maybe something in my config 🤔
rphlmr ⚡
rphlmr ⚡14mo ago
No description
rphlmr ⚡
rphlmr ⚡14mo ago
true, it is disabled on my project
laubonghaudoi
laubonghaudoi14mo ago
So it doesnt require you to connect with SSL?
rphlmr ⚡
rphlmr ⚡14mo ago
Nope, no need.
laubonghaudoi
laubonghaudoi14mo ago
So connection string doesnt work for me either, even after I turned off SSL. I got the same error.
rphlmr ⚡
rphlmr ⚡14mo ago
maybe try to restart your db (from supabase dashboard). I know support is really fast qnd helpful if you still encounter this issue.
laubonghaudoi
laubonghaudoi13mo ago
I have tried restarting the db, how to get their support? I thought the discord channel here is the support
rphlmr ⚡
rphlmr ⚡13mo ago
I mean Supabase support. Maybe they can help you looking at your project configuration.
pandareaper
pandareaper13mo ago
I've never used supabase, but a quick google told me it is possible to disable SSL enforcement in your database through the CLI Ideally you use SSL, to do so you would download the root certificate for your database following these instructions https://supabase.com/docs/guides/database/connecting-to-postgres#connecting-with-ssl You then need to configure nodejs to either pick up that root certificate, or configure your connection to pick it up. Last I checked, drizzle-kit doesn't support that You can either configure a path for nodejs to look for extra certificates to use for SSL verification https://nodejs.org/api/cli.html#node_extra_ca_certsfile Or configure it on your database connection (the preferred approach) 
return postgres({
          database: config.DB_NAME,
          user: config.DB_USER,
          password: config.DB_PASSWORD,
          host: config.DB_HOST,
          port: config.DB_PORT,
          max: config.DB_POOL_SIZE,
          ssl: config.RDS_CERT_BUNDLE_LOCATION
            ? {
                rejectUnauthorized: true,
                ca: [readFileSync(config.RDS_CERT_BUNDLE_LOCATION)],
              }
            : undefined,
})
return postgres({
          database: config.DB_NAME,
          user: config.DB_USER,
          password: config.DB_PASSWORD,
          host: config.DB_HOST,
          port: config.DB_PORT,
          max: config.DB_POOL_SIZE,
          ssl: config.RDS_CERT_BUNDLE_LOCATION
            ? {
                rejectUnauthorized: true,
                ca: [readFileSync(config.RDS_CERT_BUNDLE_LOCATION)],
              }
            : undefined,
})
Connecting to your database | Supabase Docs
Explore the options for connecting to your Postgres database.
Want results from more Discord servers?
Add your server