Custom DNS/Host in Route53

I have a dns entry and would like to just point it at my Neon instance as part of a migration saving me the headache of having to rebuild. I get this error in dbeaver when I hit test connection. I probably have to do a migration anyway since the username password changed and there’s no way to set a custom password, but still it’d be nice.

SSL error: Received fatal alert: access_denied
Received fatal alert: access_denied

Hey, not sure if it’s only a password issue (thinking there can be some SSL certificate validation issue)
However, if you want to have an user with permanent password across your branches, I think you should be able to create a separate user (role), with custom password.
Manage Roles - Neon Docs

1 Like

Hey @Yetzederixx, just like @vmatt mentioned, you can create a custom role using SQL and set a specific password during the role creation process. Would that solve your issue?

1 Like

Nope, I can connect just fine in code/dbeaver to the provided route @Mahmoud @vmatt when I create a CNAME in Route53 that points to Neon and then try to use that route is when I get the error.

@Yetzederixx, it appears that the SSL certificate is not valid for your domain. It’s only valid for domains. For example, in my instance, the certificate is only valid if the domain ends with as indicated by Subject: CN = *

You can verify this by following the instructions in this DBA Stack Exchange post:

First, get the Python file from:

Then run: | openssl x509 -noout -text

Copy Code

If you’re looking to save time and not replace the hostname, user, and password each time due to compute node changes with a new branch, there’s a solution. You can repoint an existing compute node from an old branch to a new one. Unfortunately, it’s only possible via the API and not through the UI. However, it’s a simple single request, which makes it quite straightforward.

You can find out how to do this in the Neon documentation under branch promotion:

@Mahmoud: The documentation for this process is somewhat buried in this guide. It might be beneficial to relocate the information to the Manage Computes wiki page.

@Yetzederixx, if above method doesn’t meet your needs, and you require your own URL for connections, the best alternative would be to set up a reverse proxy. This involves spinning up an EC2 instance and pointing your domain to that EC2. With this setup, you can generate your own certificates.
For guidance on setting up a reverse proxy, refer to this article: