This guide applies to Electrum 4.0 and later versions.
Before you begin, ensure you have a TLS/SSL private key and a public certificate for your domain. These should be signed by a Certificate Authority (CA). You can obtain free certificates from services like LetsEncrypt.
Setting Up Your SSL Private Key
First, create a file containing only your SSL private key. The file should look like this:
-----BEGIN PRIVATE KEY-----
Your Private Key
-----END PRIVATE KEY-----
Important: This key is for your SSL certificate, not your wallet.
Next, tell Electrum where to find your SSL private key file. Use the following command:
electrum -o setconfig ssl_keyfile /path/to/ssl/privkey.pem
Replace /path/to/ssl/privkey.pem
with the actual path to your private key file.
Adding Your SSL Certificate Bundle
Next, you need to create a file for your SSL certificate bundle. This file should contain:
- Your certificate.
- Any intermediate certificates.
- The root CA certificate.
Arrange these in order, with your certificate at the top and the root CA at the bottom. The file structure should look like this:
-----BEGIN CERTIFICATE-----
Your Certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Intermediate Certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Root Certificate
-----END CERTIFICATE-----
After creating this file, tell Electrum where to find it. Use this command:
electrum -o setconfig ssl_certfile /path/to/ssl/fullchain.pem
Replace /path/to/ssl/fullchain.pem
with the actual path to your certificate bundle file.
Verifying Your SSL Certificate Configuration
After setting up your SSL private key and certificate bundle, it’s important to confirm that Electrum has accepted your certificate. Here’s how to check:
Run the following command:
electrum -o get_ssl_domain
This command should return the Common Name of your certificate. The Common Name typically matches your domain name.