Creating a certificate for PgBouncer

I am trying to create a Let's Encrypt certificate for PgBouncer. Not a website.

  1. Is it even possible to create a cert for PgBouncer separately?
  2. How do I create a DNS challenge separately?

The problem is that my website has a redirect for all incoming calls that is NOT a "valid page".
This seems to make certbot confused and hence refuse to create a certificate or DNS challenge.

Invalid response from https://adjob.se/hacker: "<!DOCTYPE html>\n<html lang=\"en\">

The version of my client is certbot 2.1.0

Let's Encrypt issues certs for domain names. I see that adjob.se is proxied behind Cloudflare. Do you use that domain name to access PgBouncer?

If so, do you already have a cert for that domain name on your Origin server?

If not, what is the domain name?

The PgBouncer docs explain setting up TLS and certs. So once you have a cert it looks like it should work.

Not sure what you mean by "separately". But, if PgBouncer is accessed using the adjob.se domain you could use the cert you already have.

If you need a different cert you can use a DNS Challenge with Cloudflare. See the certbot-dns-cloudflare documentation.

It is hard to say much more without more details from you.

3 Likes
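
The DNS challenge route suggested in the reply above, as an added example that is not part of the thread and not code from certbot or PgBouncer: a certbot deploy hook that copies a renewed cert to where PgBouncer reads it. The hostname `db.example.com`, all file paths, the `pgbouncer` account name and the `systemctl reload` step are assumptions.

```shell
#!/bin/sh
# Added example: certbot deploy hook that hands a renewed cert to PgBouncer.
# Issue once with the DNS-01 plugin (hostname and paths are placeholders):
#   certbot certonly --dns-cloudflare \
#     --dns-cloudflare-credentials /root/.secrets/cloudflare.ini \
#     -d db.example.com --deploy-hook /usr/local/bin/pgbouncer-cert-hook.sh

# Copy the chain and key out of certbot's lineage directory into a directory
# PgBouncer can read. The private key is installed with mode 0600.
install_pgbouncer_cert() {
    lineage=$1 dest=$2 owner=${3:-}
    [ -r "$lineage/fullchain.pem" ] && [ -r "$lineage/privkey.pem" ] || {
        echo "missing fullchain.pem or privkey.pem in $lineage" >&2
        return 1
    }
    mkdir -p "$dest" || return 1
    # Write under temporary names, then rename, so a reader of the
    # directory never sees a half-written file.
    install -m 0644 "$lineage/fullchain.pem" "$dest/fullchain.pem.new" || return 1
    install -m 0600 "$lineage/privkey.pem" "$dest/privkey.pem.new" || return 1
    # Optional: hand the files to the (assumed) PgBouncer service account.
    [ -z "$owner" ] || chown "$owner" "$dest/fullchain.pem.new" "$dest/privkey.pem.new" || return 1
    mv "$dest/fullchain.pem.new" "$dest/fullchain.pem" &&
        mv "$dest/privkey.pem.new" "$dest/privkey.pem"
}

# Print the matching client-side TLS settings for pgbouncer.ini.
pgbouncer_tls_snippet() {
    printf 'client_tls_sslmode = require\n'
    printf 'client_tls_cert_file = %s/fullchain.pem\n' "$1"
    printf 'client_tls_key_file = %s/privkey.pem\n' "$1"
}

# certbot exports RENEWED_LINEAGE to deploy hooks; only act when it is set.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_pgbouncer_cert "$RENEWED_LINEAGE" /etc/pgbouncer/tls pgbouncer &&
        systemctl reload pgbouncer   # assumed service name and reload method
fi
```

The desktop client must connect using the same hostname the cert was issued for, otherwise full certificate verification on the client side will fail.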

Actually this is pre-web.

A desktop client accessing PostgreSQL. And I plan to use PgBouncer in front of PostgreSQL. So on this VPS there is nothing other than the database and PgBouncer.

My main question was if Let's Encrypt works for PgBouncer?
I do not know what the domain has to do with this - other than verifying.

A cert is needed for the TLS connection. A Let's Encrypt cert is only issued for publicly validated domain names. An LE cert is intended for TLS clients to validate they are talking with the intended server.

If you don't need a domain validated cert couldn't you just use a self-signed cert?

You'd have to ask the PgBouncer people for the specifics of any cert specs they require. I didn't see anything unusual in their docs but I just skimmed them. I'd say "almost certainly" but the question lacks detail 🙂

4 Likes
