I'm completely new to postgresql and I'm struggling with its SSL configuration.
...
The certificate chain has 4 certificates, 1 root, 1 intermediate signed by the root certificate, a second intermediate signed by the first one and a server certificate signed bt the second intermediate certificate. I'll call it server.
I also have a second server certificate also signed by the second intermediate certificate. I'll call it server2.
You only describe having server certs, but the error message says a client cert is needed. You don't describe having any client certs. Maybe you are trying to use a server cert as if it were a client cert, but that is unlikely to work. The server cert needs the hostname of the server as a CN (or SAN), while a client cert needs the username of client (either ccid or server2, not sure which) as the CN.
hostssl all ccid all cert map=rafe
This demands a client cert. Server certs are common. Client certs are somewhat rare, are you sure you actually want those? If so, you will need to set yourself up with one.
