PostgreSQL error: no pg_hba.conf entry for host

FATAL:  no pg_hba.conf entry for host "10.0.0.23", user "app_user", database "appdb", SSL encryption

Good news first: the network path works and you reached PostgreSQL. It refused you because no line in pg_hba.conf matches the combination in the message: client address, database, user, and whether the connection uses SSL. The error hands you all four — the fix is writing a rule that matches them.

What this error means

pg_hba.conf is evaluated top to bottom, first match wins — and a connection that matches no line gets this error. Each line matches on connection type (local, host, hostssl, hostnossl), database, user and client address, then names the auth method to apply.

The tail of the message ("SSL encryption" / "no encryption") matters more than it looks: a hostssl line can never match a non-SSL attempt, and vice versa. If the message says "no encryption" and all your rules say hostssl, the fix is on the client (sslmode=require), not in the file.

Common causes

How to diagnose it

Take the four values from the error message and walk the rules with them:

-- La vista mostra le regole così come il server le ha lette,
-- con eventuali errori di parsing per riga:
SELECT line_number, type, database, user_name, address, auth_method, error
FROM pg_hba_file_rules;

Check, in order: is there a line whose connection type matches (SSL!)? whose database list includes yours? whose user list includes yours? whose address contains the client IP in the message?

How to fix it

Add a rule as narrow as the real need, then reload:

# /etc/postgresql/.../pg_hba.conf — esempio: app dal subnet privato, SSL, SCRAM
hostssl  appdb  app_user  10.0.0.0/24  scram-sha-256
SELECT pg_reload_conf();   -- oppure: systemctl reload postgresql
🔍 One step further along: password authentication failed — a rule matched, but the credential check failed.