Решил я настроить SSL для подключения к серверу PostgreSQL
В /main/pg_hba.conf добавил
hostssl all postgres 0.0.0.0/0 scram-sha-256
hostssl all postgres ::0/0 scram-sha-256
пароли пользователям пересоздал при смене md5 на scram-sha-256 - без SSL всё работает...
В /main/postgresql.conf раскоментил поля и указал пути к сертификатам
ssl = on
#ssl_ca_file = ''
ssl_cert_file = '/etc/letsencrypt/live/fullchain.pem'
#ssl_crl_file = ''
ssl_key_file = '/etc/letsencrypt/privkey.pem'
ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
ssl_prefer_server_ciphers = on
ssl_ecdh_curve = 'prime256v1'
ssl_dh_params_file = '/etc/letsencrypt/ssl-dhparams.pem'
#ssl_passphrase_command = ''
#ssl_passphrase_command_supports_reload = off
перезапуск сервера и попытка подключения.
root@PostgeSQL:~# psql -h dot.com postgres
could not connect to server: Connection refused
Is the server running on host "dot.com" and accepting
TCP/IP connections on port 5432?
could not connect to server: Connection refused
Is the server running on host "dot.com" and accepting
TCP/IP connections on port 5432?