Why am I getting an error when I upgrade to pg@8?


When upgrading from to version 8.x of the node module pg, an error will occur that mentions self signed certificates. It will look something like this:

2020-04-01T21:04:18.128008+00:00 app[web.1]: Error: self signed certificate
2020-04-01T21:04:18.128018+00:00 app[web.1]: at TLSSocket.onConnectSecure (_tls_wrap.js:1473:34)
2020-04-01T21:04:18.128020+00:00 app[web.1]: at TLSSocket.emit (events.js:311:20)
2020-04-01T21:04:18.128020+00:00 app[web.1]: at TLSSocket._finishInit (_tls_wrap.js:916:8)
2020-04-01T21:04:18.128021+00:00 app[web.1]: at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:686:12) {
2020-04-01T21:04:18.128021+00:00 app[web.1]: code: 'DEPTH_ZERO_SELF_SIGNED_CERT'
2020-04-01T21:04:18.128022+00:00 app[web.1]: }

A change was made to pg in version 8 that has made the defaults more secure, but unfortunately broken connecting to a Heroku database. This is explained here: https://node-postgres.com/announcements#2020-02-25


Depending on the setup, the pg config will need to set the rejectUnauthorized value to false. This can be done 1 of 2 ways:

Solution 1

Setting up the ssl settings from Pool params.

const { Pool } = require('pg');

const pool = new Pool({
  connectionString: process.env.DATABASE_URL,
  ssl: {
    rejectUnauthorized: false

Solution 2

Setting up configuration with pg-connection-string.

const { Pool } = require('pg');
const { parse } = require('pg-connection-string')

const config = parse(process.env.DATABASE_URL)

config.ssl = {
  rejectUnauthorized: false
const pool = new Pool(config)

Ask on Stack Overflow

Engage with a community of passionate experts to get the answers you need

Ask on Stack Overflow

Heroku Support

Create a support ticket and our support experts will get back to you

Contact Heroku Support