diff --git a/capsulflask/__init__.py b/capsulflask/__init__.py
index e2ca2c4..cc708c2 100644
--- a/capsulflask/__init__.py
+++ b/capsulflask/__init__.py
@@ -38,10 +38,13 @@ app.config.from_mapping(
   SPOKE_HOST_TOKEN=os.environ.get("SPOKE_HOST_TOKEN", default="default"),
   HUB_TOKEN=os.environ.get("HUB_TOKEN", default="default"),
 
-  DATABASE_URL=os.environ.get("DATABASE_URL", default="sql://postgres:dev@localhost:5432/postgres"),
-
   # https://www.postgresql.org/docs/9.1/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS
-  DATABASE_SSLMODE=os.environ.get("DATABASE_SSLMODE", default="prefer"), 
+  # https://stackoverflow.com/questions/56332906/where-to-put-ssl-certificates-when-trying-to-connect-to-a-remote-database-using
+  # TLS example: sslmode=verify-full sslrootcert=letsencrypt-root-ca.crt host=db.example.com port=5432 user=postgres password=dev dbname=postgres
+  POSTGRES_CONNECTION_PARAMETERS=os.environ.get(
+    "POSTGRES_CONNECTION_PARAMETERS", 
+    default="host=localhost port=5432 user=postgres password=dev dbname=postgres"
+  ),
 
   DATABASE_SCHEMA=os.environ.get("DATABASE_SCHEMA", default="public"),
 
diff --git a/capsulflask/db.py b/capsulflask/db.py
index 3e3b94e..197a221 100644
--- a/capsulflask/db.py
+++ b/capsulflask/db.py
@@ -1,7 +1,6 @@
 import psycopg2
 import re
 import sys
-from urllib.parse import urlparse
 from os import listdir
 from os.path import isfile, join
 from psycopg2 import pool
@@ -12,17 +11,11 @@ from capsulflask.db_model import DBModel
 from capsulflask.shared import my_exec_info_message
 
 def init_app(app):
-  databaseUrl = urlparse(app.config['DATABASE_URL'])
 
   app.config['PSYCOPG2_CONNECTION_POOL'] = psycopg2.pool.SimpleConnectionPool(
     1,
     20,
-    user = databaseUrl.username,
-    password = databaseUrl.password,
-    host = databaseUrl.hostname,
-    port = databaseUrl.port,
-    database = databaseUrl.path[1:],
-    sslmode = app.config['DATABASE_SSLMODE']
+    app.config['POSTGRES_CONNECTION_PARAMETERS']
   )
 
   schemaMigrations = {}
diff --git a/letsencrypt-root-ca.crt b/letsencrypt-root-ca.crt
new file mode 100644
index 0000000..300cd7d
--- /dev/null
+++ b/letsencrypt-root-ca.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
+PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
+rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
+OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
+xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
+7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
+aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
+HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
+SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
+ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
+AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
+R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
+JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
+Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
+-----END CERTIFICATE-----
\ No newline at end of file