As the error message tells your host is not trusting the certificate authority (CA) which signed the certificate of your database server.
If you can afford to enable InsecureSkipVerify
then set sslmode=require
. This will prevent the client to verify the server's certificate chain and host name (but SSL will still be used).
If this is not an option you need to add the CA to your hosts trusted CAs. This depends on your OS. On Linux you have good chances when you add it to /etc/ssl/cert.pem
.
Obviously the PostgreSQL driver does not allow to specify a custom tls.Config
which would make things more flexible. In the source code you can see that it always uses tls.Config{}
. It does not provide an option to set custom RootCAs
.