We are self-hosting n8n in a private network and use our own PKI solution and corporate certificate authority to issue SSL certificates. n8n is configured to run in Queue mode and OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS is set to true.
I followed the docs for configuring a custom CA but was still encountering SSL errors when trying to talk to our own n8n webhooks/endpoints and other internal services. It wasn’t until I also configured the workers with the custom CA certificate that everything started working.
My question is - is this expected? It makes sense to me that it is required (the workers will be the ones verifying the connection) but there is nothing in the documentation that mentions it.
Additionally, this took me longer to diagnose as I was using the example kubernetes hosting manifest from n8n.io which I think overrides the default entrypoint for n8n (which has some vital custom CA logic in it) meaning my certificates weren’t being trusted on startup. Is it safe to assume the sleep command in the example can be ignored and I can just allow the default entrypoint to be used?
- n8n version: 1.121.3
- Database: Postgres 16
- Running n8n via: Self-Hosted in AWS EKS
- Operating system: Bottlerocket OS 1.50.0 (aws-k8s-1.32)
Many thanks!
My question was - is it correct to install the certificate on the workers when running in Queue mode? If it is, then I think