NEW

CCIP is now live for all developers. See what's new.

Back

Enabling HTTPS Connections

This guide will walk you through how to generate your own self-signed certificates for use by the Chainlink node. You can also substitute self-signed certificates with certificates of your own, like those created by Let's Encrypt.

Create a directory tls/ within your local Chainlink directory:

mkdir ~/.chainlink-sepolia/tls

Run this command to create a server.crt and server.key file in the previously created directory:

openssl req -x509 -out  ~/.chainlink-sepolia/tls/server.crt  -keyout ~/.chainlink-sepolia/tls/server.key \
  -newkey rsa:2048 -nodes -sha256 -days 365 \
  -subj '/CN=localhost' -extensions EXT -config <( \
   printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")

Next, add the TLS_CERT_PATH and TLS_KEY_PATH environment variables to your .env file.

echo "TLS_CERT_PATH=/chainlink/tls/server.crt
TLS_KEY_PATH=/chainlink/tls/server.key" >> .env

If CHAINLINK_TLS_PORT=0 is present in your .env file, remove it by running:

sed -i '/CHAINLINK_TLS_PORT=0/d' .env

Also remove the line that disables SECURE_COOKIES by running:

code": "sed -i '/SECURE_COOKIES=false/d' .env

Finally, update your run command to forward port 6689 to the container instead of 6688:

cd ~/.chainlink-sepolia && docker run -p 6689:6689 -v ~/.chainlink-sepolia:/chainlink -it
--env-file=.env smartcontract/chainlink local n

Now when running the node, you can access it by navigating to https://localhost:6689 if running on the same machine or with a ssh tunnel.

What's next

Stay updated on the latest Chainlink news