Self-Hosted using Self-Signed Certificate or Owner Certificate

I searched a lot about this topic in this amazing community, but the closest answer to the solution was: Change SSL Certify

But some things changed in 1 year and I had some difficulties making this work, but finally, I achieved the solution and I would like to share with you:

First, if you need to use traefik, follow the topic above and just change the certs-traefik.yml to:

tls:
  certificates:
    - certFile: /certs/server.crt
      keyFile:  /certs/server.key
      stores:
        - default

  stores:
    default: { }

It’s necessary because, to summarize… some browsers like Firefox don’t recognise some self-signed certificates, and when this happens, traefik auto-generates one. You can check here: https://traefik.io/blog/traefik-2-tls-101-23b4fbee81f1/

But if you don’t need traefik, just map the path where the certificates are and add the variables N8N_SSL_CERT and N8N_SSL_KEY with the mapped docker path.

Follow the docker-compose example:

  n8n:
    image: n8nio/n8n
    restart: always
    ports:
      - "127.0.0.1:5678:5678"
    environment:
      - N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
      - N8N_PORT=5678
      - N8N_SSL_CERT=/etc/.n8n/certs/server.crt
      - N8N_SSL_KEY=/etc/.n8n/server.key
      - N8N_PROTOCOL=https
    volumes:
      - ${DATA_FOLDER}/.n8n:/etc/.n8n
      - ${DATA_FOLDER}/.n8n/certs:/etc/.n8n/certs

I hope it helps!

4 Likes

One more step needed for noobs: how to create compatible server.crt and server.key files so that https works?

Hey @orth,

I would generally advise against using a self-signed certificate and instead use something like Let's Encrypt. If you are using a self-signed cert you are potentially opening yourself up to issues.

For generating a cert you should be able to do it using OpenSSL or whatever tool you would normally use for creating your certificates.

Is there an instruction somewhere on how to correctly set up https for a self-hosted n8n instance without a domain?

The Let's Encrypt step-by-step breaks on ‘The Let's Encrypt certificate authority will not issue certificates for a bare IP address.’

Hey @orth,

If you are just using an IP you would need to take the self-signed route as long as you are aware of the risks that come with using self-signed certificates.

We don’t have instructions on generating a self-signed certificate but you should be able to do it with OpenSSL or any other tool you would normally use for making your certificates. If you need a quick guide for general OpenSSL usage this page looks pretty good: OpenSSL Essentials: Working with SSL Certificates, Private Keys and CSRs | DigitalOcean
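
An added example, not part of any post in this thread: one way to produce the server.crt and server.key discussed above for an instance reached by a bare IP, and to check the result before pointing N8N_SSL_CERT and N8N_SSL_KEY at it. It assumes OpenSSL 1.1.1 or later; the function names and the sample address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example: self-signed certificate for a host reached by IP or by name.

# addr_kind <address>: print IP for an IPv4/IPv6 literal, DNS for a hostname.
addr_kind() {
  case $1 in
    *:*)       echo IP ;;    # contains a colon: IPv6 literal
    *[!0-9.]*) echo DNS ;;   # anything besides digits and dots: hostname
    *)         echo IP ;;    # digits and dots only: IPv4 literal
  esac
}

# make_cert <outdir> <address> [days]: write server.key and server.crt.
make_cert() {
  mkdir -p "$1" || return 1
  # Browsers match the URL host against subjectAltName, not the CN, and an
  # IP address only matches an "IP:" entry, so the SAN type must be right.
  ( umask 077   # the private key is created readable by its owner only
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days "${3:-365}" \
      -keyout "$1/server.key" -out "$1/server.crt" \
      -subj "/CN=$2" -addext "subjectAltName=$(addr_kind "$2"):$2" 2>/dev/null
  ) || return 1
  chmod 644 "$1/server.crt"   # the certificate itself is public
}

# key_matches_cert <outdir>: succeed if both files hold the same public key.
key_matches_cert() {
  [ -s "$1/server.crt" ] && [ -s "$1/server.key" ] || return 1
  [ "$(openssl x509 -in "$1/server.crt" -noout -pubkey 2>/dev/null)" = \
    "$(openssl pkey -in "$1/server.key" -pubout 2>/dev/null)" ]
}

# cert_covers <outdir> <address>: succeed if the certificate is valid for it.
cert_covers() {
  if [ "$(addr_kind "$2")" = IP ]; then flag=-checkip; else flag=-checkhost; fi
  openssl x509 -in "$1/server.crt" -noout "$flag" "$2" 2>/dev/null |
    grep -q 'does match certificate'
}

# Usage (sample values):
#   make_cert ./certs 192.0.2.10 && key_matches_cert ./certs \
#     && cert_covers ./certs 192.0.2.10
```

The user inside the n8n container must be able to read both files, so adjust ownership of the key on the host if the container runs under a different UID.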