Nodejs/express app issue with (self-signed?) certificate

TL;DR: the TLS certificates come from Let’s Encrypt, but it seems node (or one of the packages I’m using to register user sessions/cookies) sees the certificate in my node app as self-signed and throws errors/warnings.

I’m having issues with an express/express-session app while trying to create user sessions. The options are these:

import pgConnect from 'connect-pg-simple';
import session, { SessionOptions } from 'express-session';

const PgStoreGenerator = pgConnect(session);

const sessionStore = new PgStoreGenerator({
  conString: getEnv('DATABASE_URL'),
  tableName: 'user_sessions',
  createTableIfMissing: true,

const sessionOptions: SessionOptions = {
  store: sessionStore,
  name: getEnv('SESSION_NAME'),
  secret: getEnv('SESSION_SECRET')!,
  resave: false,
  saveUninitialized: false,
  cookie: {
    secure: true,
    httpOnly: true,
    maxAge: +getEnv('SESSION_MAXAGE')! * 1000,
    sameSite: 'none',

A setup similar to this one has worked in, but in here I get errors while session table is pruned (happens automatically, I believe) and when attempting to send cookies to the client:

Apr 26 11:17:13 PM  Failed to prune sessions: self-signed certificate
Apr 26 11:18:05 PM  Error: self-signed certificate
Apr 26 11:18:05 PM      at TLSSocket.onConnectSecure (node:_tls_wrap:1540:34)
Apr 26 11:18:05 PM      at TLSSocket.emit (node:events:513:28)
Apr 26 11:18:05 PM      at TLSSocket._finishInit (node:_tls_wrap:959:8)
Apr 26 11:18:05 PM      at ssl.onhandshakedone (node:_tls_wrap:743:12)

I’m really not sure where to begin seeking help because it may be an issue with one of the libs (I’m opening issues in their respective repositories), but I thought I’d come here too since it didn’t happen when I had a similar app on railway.

Any and all suggestions are very welcome. Thanks! =]


That would suggest to me that you’re using the external database URL instead of the internal database URL - internal does not use a SSL connection so you shouldn’t get an issues around certs etc via that. Can you check which connection URL your service is using here?

Let us know how that goes?


John B

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.