I’m having a hard time finding the correct documentation and also wrapping my head around the process of getting HTTPS requests working with n8n. I’m wondering if someone here would be kind enough to explain this to me like I’m 5 years old.
I have n8n installed in docker on windows, it’s all running so smoothly except for 1 bit, I can’t make requests to some nodes such as Xero because I don’t have an ssl cert setup. I see there’s a lot of mention of something called traefik and nginx.
However, all of the guides that I’m finding revolves linux and linux commands. How can I install SSL certs on Windows.
I found a tool called CertBot which I’m not a 100% sure what it does but even that has a warning in the installation process that it doesn’t work with nginx on windows.
How can I set this up on Windows? Or is this even possible on Windows?
Outbound HTTPS requests should work (you to Xero) as Xero won’t really care if n8n is using HTTPS for that part. Where it could matter though is for OAuth redirects if Xero doesn’t support http://localhost:5678.
How to install a certificate would depend on a few different things…
Do you have a domain that you plan to use already?
Can your n8n instance be accessed by anyone on the internet?
If both of these are “yes” I would follow our docker example that includes the Traefik configuration which will handle the certificate process for you. If your n8n instance is only local to you then you could use a self signed certificate, mkcert is pretty good and will generate the certificates for you and you can then configure n8n to use them. You can also make certificates using Powershell but if you are not sure how to handle certs or move them between different formats it might be easier to use something else.
I ended up abandoning the process. I spent less time researching how to built an Ubuntu Server then SSH into it and install Docker using your documentation.
I would just say that the documentation could use some clarification. I didn’t realise that you don’t need to modify the .yml files to have your domain there and such, those are set in the .env
Perhaps that’s why I couldn’t get it to work on Windows even though I have my custom domain redirected through A records. I did however fail your second point and that is probably because I modified the .yml file.
To anyone who is reading this in the future, follow the docker setup page word by word and then troubleshoot, the SSL part takes care of itself if you do so. Except, the ubuntu command to start docker should be " sudo docker compose up ", not the one in the guide based on another post in these forums.
Also, I thought that traefik was a paid service and that I should register somewhere for it first but nah, it works.
Actually, Jon maybe you can help me with this one:
username-traefik-1 | time=“2023-05-09T07:59:18Z” level=error msg=“Unable to obtain ACME certificate for domains "n8n.mydomain.com": unable to generate a certificate for the domains [n8n.mydomain.com]: error: one or more domains had a problem:\n[n8n.mydomain.com acme: error: 400 :: urn:ietf:params:acme:error:dns :: no valid A records found for n8n.mydomain.com; no valid AAAA records found for n8n.mydomain.com\n” providerName=mytlschallenge.acme ACME CA=“https://acme-v02.api.letsencrypt.org/directory” routerName=n8n@docker rule=“Host(n8n.mydomain.com)”
I use namecheap like you and have set my A record to point to my local server, it’s working, even Xero is working with it’s https, so not sure what this error is about!
That is good to hear, We have an assumption with our documentation that if you are self hosting you have existing knowledge of managing containers and configuring servers. The yaml files load from the environment variables file so ${XYZ} would be replaced with the environment option that matches XYZ.
What is interesting though is running docker on windows should have no impact on this because of how Docker works so I suspect there was something else odd going on. The error message is Traefik saying that it can’t get an certificate for n8n.mydomain.com because there is no dns record for it, It could just be a hiccup it typically takes a couple of hours for DNS to filter it’s way through the web.
If you are able to access your instance using https://n8n.mydomain.com though I would ignore the message for now.