Check your pg config. It sounds like you are using pg 8, which deprecates implicit disabling of certificate verification (as you have in your config, where ssl is set to true but no ssl configuration is provided). Specify rejectUnauthorized: true to require a valid CA or rejectUnauthorized: false to explicitly opt out of MITM protection.

You can do so where you set up your pg config, as follows:
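
    const { Client } = require('pg')

    // connectionString is assumed to be defined earlier in your setup code
    const client = new Client({
      connectionString: connectionString,
      // explicit opt-out: the server certificate is not verified
      ssl: { rejectUnauthorized: false }
    })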
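
As an added example (not part of the original answer), the sketch below classifies the `ssl` value of pg config objects and builds a config that keeps certificate verification on, optionally trusting a private CA through the `ca` TLS option. The function names, hostnames and sample configs are constructed for illustration; the object returned by `requireVerifiedTls` is meant to be passed to `new Client(...)`.

```javascript
// Added example (not from the original answer). Function names and the
// sample configs below are constructed for illustration.

// Classify the `ssl` value of a pg Client/Pool config object.
function classifySsl(ssl) {
  if (ssl === undefined || ssl === null || ssl === false) return 'no-tls';
  if (ssl === true) return 'implicit';               // ssl: true, nothing else stated
  if (typeof ssl !== 'object') return 'invalid';
  if (ssl.rejectUnauthorized === false) return 'unverified'; // explicit MITM opt-out
  if (ssl.rejectUnauthorized === true) {
    return ssl.ca ? 'verified-custom-ca' : 'verified-default-ca';
  }
  return 'implicit';                                 // object without the flag
}

// Return a copy of `config` that requires a valid certificate chain.
// `caPem` is optional PEM text for a private CA, e.g. the result of
// fs.readFileSync('/path/to/ca.pem', 'utf8') (the path is a placeholder).
function requireVerifiedTls(config, caPem) {
  const ssl = { rejectUnauthorized: true };
  if (caPem !== undefined) {
    if (!/-----BEGIN CERTIFICATE-----/.test(caPem)) {
      throw new Error('caPem does not look like a PEM certificate');
    }
    ssl.ca = caPem;
  }
  return { ...config, ssl };
}

// Constructed sample configs, as they might appear across services.
const samples = {
  legacy: { connectionString: 'postgres://app@db.example/app', ssl: true },
  optedOut: { connectionString: 'postgres://app@db.example/app',
              ssl: { rejectUnauthorized: false } },
  pinnedCa: requireVerifiedTls(
    { connectionString: 'postgres://app@db.example/app' },
    '-----BEGIN CERTIFICATE-----\n(constructed placeholder)\n-----END CERTIFICATE-----'),
};

// Report every config that does not verify the server certificate.
function audit(configs) {
  return Object.entries(configs)
    .map(([name, cfg]) => ({ name, status: classifySsl(cfg.ssl) }))
    .filter((r) => !r.status.startsWith('verified'));
}

console.log(audit(samples));
```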