Certificate issue with convex self hosting with postgres
Description
I am setting up the self-hosted Docker image (ghcr.io/get-convex/convex-backend:latest) and I am trying to connect to a self hosted, native PostgreSQL instance running on the same server and subnet
My issue is that i cannot seem to connec to TLS / certificate issues. The Convex backend consistently refuses any connection due to a TLS handshake error (UnknownIssuer),
I have attempted to disable SSL on the client side and enforce plain-text on the server side, but the Convex backend appears to force a strict TLS handshake that cannot be bypassed.
Steps to Reproduce
Run ghcr.io/get-convex/convex-backend:latest via Docker Compose.
Set POSTGRES_URL to an external Postgres instance (e.g., postgres://user:pass@192.168.1.50:5432) that uses a self-signed certificate.
Error Logs
convex-backend | 2025-12-06T00:08:42.420497Z INFO postgres::connection: Postgres connection pool max size 128
convex-backend | 2025-12-06T00:08:42.459838Z ERROR common::errors: Caught error error ... error performing TLS handshake: invalid peer certificate: UnknownIssuer: invalid peer certificate: UnknownIssuer
convex-backend | Error: error performing TLS handshake: invalid peer certificate: UnknownIssuer
Attempted Fixes (All Failed)
I have tried the following configurations to bypass this, but the error persists identically:
First attempt as per the README
Environment Variable: Set DO_NOT_REQUIRE_SSL=1 in docker-compose.yml.
Other attempts on postgres side:
Connection String: Appended ?sslmode=disable to POSTGRES_URL.
Postgres Config: Configured pg_hba.conf on the server with hostnossl all all 0.0.0.0/0 md5 to force plain text.
Expected Behavior
Correct connection via plain text without attempting TLS.
Has anyone experienced this issue before?
1 Reply
Thanks for posting in <#1088161997662724167>.
Reminder: If you have a Convex Pro account, use the Convex Dashboard to file support tickets.
- Provide context: What are you trying to achieve, what is the end-user interaction, what are you seeing? (full error message, command output, etc.)
- Use search.convex.dev to search Docs, Stack, and Discord all at once.
- Additionally, you can post your questions in the Convex Community's <#1228095053885476985> channel to receive a response from AI.
- Avoid tagging staff unless specifically instructed.
Thank you!