Where can I find the ssl certificate?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: easygoshuttle.com.au

I ran this command: psql -U postgres -h 149.28.162.21

It produced this output: psql: error: port 5432 failed: connection refused is the server accepting tcp/ip connections? (I think the SSL certificate may be causing this problem... I am trying to enable remote access from my local server (my computer) to PostgreSQL on the server, but it keeps failing. Do I need to put an SSL certificate on my local computer? If so, where can I find the SSL certificate?)

My web server is (include version): Nginx

The operating system my web server runs on is (include version): Ubuntu 22.04 LTS X64

My hosting provider, if applicable, is: vultr.com

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): ubuntu linux or cmder (using ssh)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

This error does not look like it's TLS-related.

Also, do you really want PostgreSQL to be accessible to the world wide web? Personally, I wouldn't. I'd use a secure VPN or something similar and in that case, if the VPN and internal networks are secure, TLS wouldn't be necessary IMO.

And another thing: IF you want to use a TLS certificate from Let's Encrypt, you'd need to use a hostname to connect to, not an IP address, as IP addresses aren't present in the certificate, so verification would fail.

6 Likes

Thank you for your response! I did try some commands and finally I thought everything was okay, but I got this message: "SSL connection has been closed unexpectedly". This must be something to do with SSL, right?

openssl s_client -connect 149.28.162.21:5432
CONNECTED(00000150)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 293 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

As the server didn't reply anything to the TLS handshake, it looks like a firewall dropped the traffic.

4 Likes

Great! Thank you so much. I did try everything for the firewall... I did "sudo ufw allow 5432" and checked "sudo ufw status" on Ubuntu, but all good. I have no idea at all. All of a sudden, I got this message just now: "5432 failed: FATAL: no pg_hba.conf entry for host "1.156.56.244", user "postgresql", database "postgresql", SSL encryption
connection to server at "149.28.162.21", port 5432 failed: FATAL: no pg_hba.conf entry for host "1.156.56.244", user "postgresql", database "postgresql", no encryption" This IP address, "1.156.56.244", I have no idea about this IP address... Sorry to keep bothering you.

Maybe you should get PostgreSQL working first before trying to add encryption?

4 Likes

Then why are you worried about it (not being unable to access your database)?

It is likely just a scanner that came across your IP:PORT [reconnaissance/surveillance].
The Internet is filled with such requests; you can't worry about every failed entry in your logs.
You should worry more about opening such a port to the entire Internet!

5 Likes
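
The "no pg_hba.conf entry" error quoted earlier in the thread is what PostgreSQL returns when no record in pg_hba.conf matches the connection's type, database, user and client address. The sketch below is an added example, not code from any post in this thread: a simplified first-match evaluator run over a constructed pg_hba.conf that admits only TLS connections from an assumed VPN subnet (10.8.0.0/24). It handles CIDR and "all" addresses only; the names appdb and appuser are hypothetical.

```python
import ipaddress

# Constructed sample pg_hba.conf: TLS-only access from an assumed VPN subnet.
SAMPLE_HBA = """\
# TYPE   DATABASE  USER      ADDRESS        METHOD
local    all       postgres                 peer
hostssl  appdb     appuser   10.8.0.0/24    scram-sha-256
host     all       all       127.0.0.1/32   scram-sha-256
"""

def parse_hba(text):
    """Return the TCP records (host/hostssl/hostnossl) in file order."""
    records = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 5 and fields[0] in ("host", "hostssl", "hostnossl"):
            conn_type, dbs, users, addr, method = fields[:5]
            records.append((conn_type, dbs.split(","), users.split(","), addr, method))
    return records

def _type_matches(conn_type, ssl):
    # "host" matches TLS and plaintext; hostssl only TLS; hostnossl only plaintext.
    return conn_type == "host" or (conn_type == "hostssl") == ssl

def check(records, client_ip, user, database, ssl):
    """First matching record wins; no match reproduces the FATAL rejection."""
    ip = ipaddress.ip_address(client_ip)
    for conn_type, dbs, users, addr, method in records:
        net = None if addr == "all" else ipaddress.ip_network(addr, strict=False)
        if (_type_matches(conn_type, ssl)
                and (net is None or ip in net)
                and ("all" in dbs or database in dbs)
                and ("all" in users or user in users)):
            return method
    enc = "SSL encryption" if ssl else "no encryption"
    return (f'FATAL: no pg_hba.conf entry for host "{client_ip}", '
            f'user "{user}", database "{database}", {enc}')

if __name__ == "__main__":
    recs = parse_hba(SAMPLE_HBA)
    # libpq's default sslmode (prefer) tries TLS first, then plaintext,
    # which is why the error in the thread appears twice.
    for ssl in (True, False):
        print(check(recs, "1.156.56.244", "postgresql", "postgresql", ssl))
    print(check(recs, "10.8.0.5", "appuser", "appdb", ssl=True))
```

With this rule set, an address outside the VPN subnet is rejected on both the TLS and the plaintext attempt, and a VPN client is rejected too if it connects without TLS.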

Hello, Osiris
How have you been? Good to see you again. Okay, I will look into a VPN instead of an IP connection. Thanks a lot.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.