diff --git a/lib/modules/platform/github/index.md b/lib/modules/platform/github/index.md
index 08f588e5e32ed01f487a2c405fe1d33f22d58d16..6540a424234468a7e6f1cc9254f7d5412ca17c97 100644
--- a/lib/modules/platform/github/index.md
+++ b/lib/modules/platform/github/index.md
@@ -2,7 +2,8 @@
 
 ## Authentication
 
-First, [create a Personal Access Token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) for the bot account, select `repo` scope.
+First, [create a classic Personal Access Token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#creating-a-personal-access-token-classic) for the bot account, select `repo` scope.
+Fine-grained Personal Access Tokens do not support the GitHub GraphQL API and cannot be used with Renovate.
 
 Let Renovate use your PAT by doing _one_ of the following:
 
diff --git a/lib/modules/platform/github/index.spec.ts b/lib/modules/platform/github/index.spec.ts
index d148c41874781080e9caea84896f0a90c1167e05..d9a211a825ddc7bb4c58434d8bd92c82be766e1c 100644
--- a/lib/modules/platform/github/index.spec.ts
+++ b/lib/modules/platform/github/index.spec.ts
@@ -56,6 +56,14 @@ describe('modules/platform/github/index', () => {
       );
     });
 
+    it('should throw if fine-grained token', async () => {
+      await expect(
+        github.initPlatform({ token: 'github_pat_XXXXXX' })
+      ).rejects.toThrow(
+        'Init: Fine-grained Personal Access Tokens do not support the GitHub GraphQL API and cannot be used with Renovate.'
+      );
+    });
+
     it('should throw if user failure', async () => {
       httpMock.scope(githubApiHost).get('/user').reply(404);
       await expect(github.initPlatform({ token: '123test' })).rejects.toThrow();
diff --git a/lib/modules/platform/github/index.ts b/lib/modules/platform/github/index.ts
index 573dc8bf70a84a9cc10e4fe088877ab3f51c0cf6..1ce38129842978bf76cb31917d5f9a832e2da7ee 100644
--- a/lib/modules/platform/github/index.ts
+++ b/lib/modules/platform/github/index.ts
@@ -129,6 +129,11 @@ export async function initPlatform({
   if (!token) {
     throw new Error('Init: You must configure a GitHub token');
   }
+  if (token.startsWith('github_pat_')) {
+    throw new Error(
+      'Init: Fine-grained Personal Access Tokens do not support the GitHub GraphQL API and cannot be used with Renovate.'
+    );
+  }
   token = token.replace(/^ghs_/, 'x-access-token:ghs_');
   platformConfig.isGHApp = token.startsWith('x-access-token:');
 
diff --git a/lib/workers/global/config/parse/__snapshots__/env.spec.ts.snap b/lib/workers/global/config/parse/__snapshots__/env.spec.ts.snap
index 0f673583d47ccc37c546459c4479bbbed5b2abba..47739dda648ac9b0050f075f10174b1588ff9ca5 100644
--- a/lib/workers/global/config/parse/__snapshots__/env.spec.ts.snap
+++ b/lib/workers/global/config/parse/__snapshots__/env.spec.ts.snap
@@ -1,5 +1,12 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 
+exports[`workers/global/config/parse/env .getConfig(env) does not support GitHub fine-grained PATs 1`] = `
+{
+  "hostRules": [],
+  "token": "a github.com token",
+}
+`;
+
 exports[`workers/global/config/parse/env .getConfig(env) supports Azure DevOps 1`] = `
 {
   "endpoint": "an Azure DevOps endpoint",
diff --git a/lib/workers/global/config/parse/env.spec.ts b/lib/workers/global/config/parse/env.spec.ts
index 3dc48e238f08ff687fbbf28d5ce6d1707d098525..ff963b7658dadc5f9cad660e409bc5641af46c1b 100644
--- a/lib/workers/global/config/parse/env.spec.ts
+++ b/lib/workers/global/config/parse/env.spec.ts
@@ -148,6 +148,16 @@ describe('workers/global/config/parse/env', () => {
       });
     });
 
+    it('does not support GitHub fine-grained PATs', () => {
+      const envParam: NodeJS.ProcessEnv = {
+        GITHUB_COM_TOKEN: 'github_pat_XXXXXX',
+        RENOVATE_TOKEN: 'a github.com token',
+      };
+      expect(env.getConfig(envParam)).toMatchSnapshot({
+        token: 'a github.com token',
+      });
+    });
+
     it('supports GitHub custom endpoint and gitlab.com', () => {
       const envParam: NodeJS.ProcessEnv = {
         RENOVATE_ENDPOINT: 'a ghe endpoint',
diff --git a/lib/workers/global/config/parse/env.ts b/lib/workers/global/config/parse/env.ts
index c92ccce10d3ea35204057c7047f16414d6b884b6..ebb48e129b6f3fa78278dfae75e6a4fa4c225b53 100644
--- a/lib/workers/global/config/parse/env.ts
+++ b/lib/workers/global/config/parse/env.ts
@@ -133,12 +133,18 @@ export function getConfig(inputEnv: NodeJS.ProcessEnv): AllConfig {
   });
 
   if (env.GITHUB_COM_TOKEN) {
-    logger.debug(`Converting GITHUB_COM_TOKEN into a global host rule`);
-    config.hostRules.push({
-      hostType: 'github',
-      matchHost: 'github.com',
-      token: env.GITHUB_COM_TOKEN,
-    });
+    if (env.GITHUB_COM_TOKEN.startsWith('github_pat_')) {
+      logger.warn(
+        'GITHUB_COM_TOKEN: Fine-grained Personal Access Tokens do not support do not support the GitHub GraphQL API. Use a classic PAT instead.'
+      );
+    } else {
+      logger.debug(`Converting GITHUB_COM_TOKEN into a global host rule`);
+      config.hostRules.push({
+        hostType: 'github',
+        matchHost: 'github.com',
+        token: env.GITHUB_COM_TOKEN,
+      });
+    }
   }
 
   // These env vars are deprecated and deleted to make sure they're not used