2 months ago
This is the second time I am trying to create a hyperdrive connection for the same db.
The first connection to same db to CF Hyperdrive worked just fine 2 months ago, but I had to delete it for some reasons. (which now I think was a mistake 🙈 )
To further reproduce the issue, I deployed brand-new postgres 16 and 17 db on railway, even that got connected to hyperdrive.
My assumption is something got changed in the underline (hidden) config for which this one specific db get not able to get connected.
4 Replies
2 months ago
Project ID: f709cfb8-baef-49d9-b8ac-fd8d1140bf26
2 months ago
@passos The CF dashboard shows only this error message:
```
Failed to connect to the provided database: Protocol Error: Server
```
which is not descriptive in itself.
2 months ago
Hi! I looked into your issue. I couldn’t fully reproduce it (I don’t have an old DB to test with), but it looks like an SSL certificate expiration problem.
It looks like Railway uses self-signed certificates that expire around 820 days.
Key points I’m focusing on
2 months ago → certs still valid → worked fine
now → certs expired → Hyperdrive fails
new databases → fresh certs → work perfectly
Testing with a new Railway Postgres + Hyperdrive setup:
Valid SSL cert → connects fine with
?sslmode=require(more info in the readme.md linked at the bottom)
It looks like everything works fine when the certificates are valid. That suggests the problem with your old database is probably due to expired certificates. I couldn’t test that case myself because my database is newer, so I can’t say for sure.
If you want to force a certificate migration for your older database. Based on the following links, here's what I would try:
1. Head to the Variables tab in the dashboard
Add a new variable:
REGENERATE_CERTS=trueorSSL_CERT_DAYSDeploy
Info for REGENERATE_CERTS (Railway's Station: https://station.railway.com/questions/issue-with-postgres-ssl-certificate-date-b9c8cde4)
When I used this it didn't regenerate my certificates since they were brand new (Railway's script saw "Certificate will not expire" and skipped regeneration). This may work differently for you since your certificates are likely expired—the script should detect that and force regeneration.
Info forSSL_CERT_DAYS(Railway https://github.com/railwayapp-templates/postgres-ssl?tab=readme-ov-file#certificate-expiry) — This should trigger the "Certificate Renewal" step.
The fresh certificates will let Hyperdrive connect successfully. You can check your database's SSL certificate expiration dates with this command.
openssl s_client -starttls postgres -connect <your-railway-hostname>:<port> | openssl x509 -noout -dates
I’ve got more info and some screenshots, but to keep things tidy, I put everything in a README.md for you. 
2 months ago
The production database has already been re-deployed 2 times already and upon running the SSL certificate command to check the expiration date for the database.
It is showing:
notBefore=Sep 20 18:32:42 2024 GMT
notAfter=Dec 19 18:32:42 2026 GMT