How do I upgrade an RDS Postgres instance with expired CA?

I'm trying to upgrade the engine version on an old RDS Postgres instance. My modification fails, because the old certificate authority (rds-ca-2015) is not found.

Is there a way around it?

Error Screenshot

Topics

Migration & Modernization Analytics Database

Tags

Amazon Relational Database Service

Language

English

Nick

asked 3 months ago237 views

1 Answer

Newest
Most votes
Most comments

Accepted Answer

Hello.

How about trying to change only the RDS certificate using the following command with the AWS CLI?
Please note that "rds-ca-2019" will expire in 2024.
https://aws.amazon.com/jp/blogs/aws/rotate-your-ssl-tls-certificates-now-amazon-rds-and-amazon-aurora-expire-in-2024/

aws rds modify-db-instance \
          --db-instance-identifier <yourdbinstance> \
          --ca-certificate-identifier rds-ca-rsa2048-g1 \
          --apply-immediately

EXPERT

Riku_Kobayashi

answered 3 months ago

EXPERT

Oleksii Bebych

reviewed a month ago

EXPERT

Didier_Durand

reviewed 3 months ago

Nick
3 months ago
Updating only the CA has helped. Thank you!

Relevant content

How to upgrade Lightsail Postgres instance? (minor version upgrade)
AWS-User-6449199
asked 2 years ago
AWS RDS Postgres 14.7 -> 15.2 upgrade fails. How do I get at the logs?
David Adams
asked a year ago
RDS Postgres engine upgraded to unsupported version 14.3
pmorais
asked 2 years ago
Upgrade RDS Postgres engine from 9.6.11 to 10.6 - Migrate to Aurora
Accepted Answer
panhas
asked 5 years ago
How do I perform an Amazon RDS for MySQL version upgrade?
AWS OFFICIALUpdated 8 months ago
How do I connect to an SSL/TLS endpoint using the CA certificate bundle in an Amazon RDS Oracle wallet?
AWS OFFICIALUpdated 2 months ago
How do I troubleshoot issues that are related to the PostGIS extension when I upgrade my RDS for PostgreSQL instance?
AWS OFFICIALUpdated 3 months ago
How do I resolve the error: "The following parameters are not defined for the specified group" when I upgrade the engine version of my RDS cluster using CloudFormation?
AWS OFFICIALUpdated 2 years ago
Announcement: RDS/Aurora SSL/TLS Certificates are expiring between May and October 2024
EXPERT
randyyoung
published a month ago
[Announcement] Amazon RDS Extended Support opt-in behavior is changing. Upgrade your Amazon RDS for PostgreSQL 11 database instances before March 31, 2024 to avoid potential increase in charges.
EXPERT
Aslan
published 4 months ago