We added an external endpoint to our postgres database and our connection is failing because the hostname in the certificate doesn’t match the endpoint’s hostname. It appears to be just the internal hostname in the certificate. How can we get the new endpoint hostname added to the cert?
Hi David! Welcome to the Aptible Community.
Reloading the Database with
aptible db:realod will restart the Database with a new certificate that has the Database’s hostname and all Endpoint hostnames associated with it. A restart is required to make this change but we decided not to do so automatically when provisioning the Endpoint as a restart creates some Database downtime, though it’s relatively minimal (< 60 seconds). Since this isn’t super obvious we didn’t want users to be caught by surprise.
Note that this only applies to PostgreSQL and MySQL Databases. All other Database types use a
*.aptible.in wildcard certificate which is valid for both the Database hostname and all Database Endpoints. See the Database Encryption in Transit documentation for more details.