
Renovate EE server fails to start with error: no pg_hba.conf entry for host

Upon startup, the Renovate server exits prematurely with the following error:

JSON
{
    "name": "renovate-server",
    "hostname": "mend-renovate-server-xxxx",
    "pid": 8,
    "level": 60,
    "logContext": "xxx",
    "err": {
        "length": 166,
        "name": "error",
        "severity": "FATAL",
        "code": "28000",
        "file": "auth.c",
        "line": "542",
        "routine": "ClientAuthentication",
        "message": "no pg_hba.conf entry for host \"1.2.3.4\", user \"postgresuser\", database \"postgres\", no encryption",
        "stack": "error: no pg_hba.conf entry for host \"1.2.3.4\", user \"postgresuser\", database \"postgres\", no encryption
            at Parser.parseErrorMessage (/usr/src/app/node_modules/pg-protocol/dist/parser.js:283:98)
            at Parser.handlePacket (/usr/src/app/node_modules/pg-protocol/dist/parser.js:122:29)
            at Parser.parse (/usr/src/app/node_modules/pg-protocol/dist/parser.js:35:38)
            at Socket.<anonymous> (/usr/src/app/node_modules/pg-protocol/dist/index.js:11:42)
            at Socket.emit (node:events:519:28)
            at Socket.emit (node:domain:488:12)
            at addChunk (node:internal/streams/readable:559:12)
            at readableAddChunkPushByteMode (node:internal/streams/readable:510:3)
            at Readable.push (node:internal/streams/readable:390:5)
            at TCP.onStreamRead (node:internal/stream_base_commons:191:23)"
    },
    "msg": "Failure initializing Renovate Enterprise - exiting...",
    "time": "2024-12-06T18:54:18.070Z",
    "v": 0
}

This is an AWS RDS-specific error. It is likely the result of the target instance requiring an SSL/TLS connection while the client (the Renovate server in this case) lacks the proper TLS certificate to authenticate against it. The trailing "no encryption" in the message shows that the connection was attempted without SSL/TLS. For PostgreSQL versions 15 and higher, the rds.force_ssl parameter in the AWS RDS parameter group defaults to 1, which explains this behavior.

In order for the Renovate server to establish a secure connection, the environment variable MEND_RNV_POSTGRES_SSL_PEM_PATH needs to be set to the path of the correct Postgres TLS certificate PEM file. See the reference documents below to determine how to obtain the Postgres TLS certificate bundle for an AWS RDS instance:

Using SSL/TLS to encrypt a connection to a DB instance or cluster

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html

Using SSL with a PostgreSQL DB instance

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL.Concepts.General.SSL.html

If an SSL/TLS connection is not strictly required, setting rds.force_ssl to 0 will allow the connection to be established without SSL/TLS. Traffic between the Renovate server and the database is then not encrypted in transit.
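The following Python script is an added example, not code from Mend or Renovate. It reads Renovate's JSON log lines and flags the pg_hba rejection described above, reporting whether the rejected connection was plaintext. The function name `triage`, the sample records, the action wording, and the treatment of `SSL off` as an older server's plaintext wording are assumptions.

```python
import json
import re

# Text of the rejection; the last field is the connection's encryption state.
HBA_RE = re.compile(
    r'no pg_hba\.conf entry for host "(?P<host>[^"]+)", user "(?P<user>[^"]+)", '
    r'database "(?P<database>[^"]+)", (?P<state>.+)$'
)
# Assumption: "SSL off" is the plaintext wording of older PostgreSQL servers.
PLAINTEXT_STATES = {"no encryption", "SSL off"}
PEM_VAR = "MEND_RNV_POSTGRES_SSL_PEM_PATH"


def triage(line, env):
    """Return a finding dict for a pg_hba rejection, or None for any other line."""
    try:
        record = json.loads(line)
    except json.JSONDecodeError:
        return None
    err = record.get("err") if isinstance(record, dict) else None
    if not isinstance(err, dict) or err.get("code") != "28000":
        return None
    match = HBA_RE.search(str(err.get("message", "")))
    if not match:
        return None
    finding = match.groupdict()
    finding["plaintext"] = finding["state"] in PLAINTEXT_STATES
    if not finding["plaintext"]:
        finding["action"] = "connection was encrypted; not the rds.force_ssl case"
    elif env.get(PEM_VAR):
        finding["action"] = f"{PEM_VAR} is set; confirm it reaches the server process"
    else:
        finding["action"] = f"set {PEM_VAR} to the RDS certificate bundle"
    return finding


# Constructed sample lines, modelled on the record shown in the article.
SAMPLE_LOG = [
    json.dumps({"name": "renovate-server", "level": 30, "msg": "constructed info line"}),
    json.dumps({"name": "renovate-server", "level": 60, "err": {
        "severity": "FATAL", "code": "28000", "routine": "ClientAuthentication",
        "message": 'no pg_hba.conf entry for host "1.2.3.4", user "postgresuser", '
                   'database "postgres", no encryption'}}),
]

if __name__ == "__main__":
    for log_line in SAMPLE_LOG:
        print(triage(log_line, env={}))
```

Pass `os.environ` as `env` when running it where the Renovate server's environment is visible, so the action reflects whether the PEM variable is actually set.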
