`DEPTH_ZERO_SELF_SIGNED_CERT - Error: self-signed certificate"` when using Postgres with `PGSSLMODE: "require"`

[dennisameling]

We have followed the instructions to connect Renovate to our Postgres instance. Our instance requires SSL, so we also had to set PGSSLMODE: "require". We don't have a requirement to validate the self-signed certificate.

However, when doing so, Renovate fails to boot (Failure initializing Renovate community edition - exiting...) with the following error:

{
  "stack": "Error: self-signed certificate\n    at TLSSocket.onConnectSecure (node:_tls_wrap:1679:34)\n    at TLSSocket.emit (node:events:518:28)\n    at TLSSocket.emit (node:domain:489:12)\n    at TLSSocket._finishInit (node:_tls_wrap:1078:8)\n    at ssl.onhandshakedone (node:_tls_wrap:864:12)",
  "code": "DEPTH_ZERO_SELF_SIGNED_CERT",
  "message": "self-signed certificate"
}

This is unexpected because PGSSLMODE: "require" by default shouldn't validate the certificate. For that we'd use something like verify-ca or verify-full.

It works when we set NODE_TLS_REJECT_UNAUTHORIZED: "0", but that's undesired because it disables certificate validation on the entire NodeJS process.

Are there any other environment variables we can tweak to make things work with PGSSLMODE: "require"? Thanks!