Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: easygoshuttle.com.au

I ran this command: psql -U postgres -h 149.28.162.21

It produced this output: psql: error: port 5432 failed: connection refused is the server accepting tcp/ip connections? (I think SSL certificate may cause this problem... I am trying to enable remote access from local server (my computer) to postgresql on server but it keep being failed. Do I need to put SSL certificate into my local computer? then where can I find the SSL certificate from?)

My web server is (include version): Nginx

The operating system my web server runs on is (include version): Ubuntu 22.04 LTS X64

My hosting provider, if applicable, is: vultr.com

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): ubuntu linux or cmder (using ssh)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

This error does not look like its TLS related.

Also, do you really want PostgreSQL to be accessible to the world wide web? Personally, I wouldn't. I'd use a secure VPN or something similar and in that case, if the VPN and internal networks are secure, TLS wouldn't be necessary IMO.

And another thing: IF you want to use a TLS certificate from Let's Encrypt, you'd need to use a hostname to connect to, not an IP address, as the IP address aren't present in the certificate, so verification would fail.

Thank you! for your response. I did try some commands and finally I thought everything was okay but I got this message. "SSL connection has been closed unexpectedly" this must be something to do with SSL, right?

 openssl.s_client -connect 149.28.162.21:5432
CONNECTED(00000150)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 293 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

as server didn't reply anything to tls handshake, it looks like firewall droped the traffic

Great! thank you so much. I did try everything for firewall... I did "sudo ufw allow 5432" and check "sudo ufw status" on Ubutun but all good. I have no idea at all. All of sudden, I got this message just now "5432 failed: FATAL: no pg_hba.conf entry for host "1.156.56.244", user "postgresql", database "postgresql", SSL encryption
connection to server at "149.28.162.21", port 5432 failed: FATAL: no pg_hba.conf entry for host "1.156.56.244", user "postgresql", database "postgresql", no encryption" This IP address, "1.156.56.244" I have no idea about this IP address... Sorry for keep bothering you.

Maybe you should get PostgreSQL working first before trying to add encryption?

Then why are you worried about it (not being unable to access your database)?

It is likely just a scanner that came across your IP:PORT [reconnaissance/surveillance].
The Internet is filled with such requests; You can't worry about every failed entry in your logs.
You should worry more about opening such a port to the entire Internet!

Hello, Osiris
How have you been? Good to see you again. Okay I will find out VPN instead of IP connection. Thanks a lot

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.