I’m trying to configure my local n8n instance to use SSL encryption but running into issues. I want to switch from the default HTTP setup to HTTPS for security reasons.
Here’s what I’ve tried adding to my environment configuration:
However, when I launch n8n, the console still shows:
Workflow editor available at:
http://localhost:5678/
The HTTPS configuration doesn’t seem to take effect. Has anyone successfully configured SSL for an on-premises n8n installation? What am I missing in my setup?
Environment variables might not load properly depending on how you start n8n. I hit this running n8n through npm - export commands worked fine in my shell but n8n wasn’t picking them up. Try adding the variables directly to your start command: N8N_PROTOCOL=https N8N_SSL_KEY=/path/to/key N8N_SSL_CERT=/path/to/cert npx n8n. This makes sure the variables are there when the process starts. Also check that your certificate and key actually match - I wasted hours debugging once only to find I was using a cert from a different keypair. You can check this with openssl x509 -noout -modulus -in certificate.crt | openssl md5 and compare it with openssl rsa -noout -modulus -in private.key | openssl md5.
try docker instead of installing directly - ssl setup’s way easier. just mount your certs as volumes and set the environment variables in docker-compose.yml. fixed my export issues when nothing else would stick.
Your environment variables look correct, but n8n may not be recognizing them upon startup. I faced a similar challenge when transitioning to HTTPS on my local setup. If you are using Docker, consider defining your environment variables directly in the docker-compose file instead. Alternatively, you could create a .env file within your n8n directory rather than relying on export commands. It’s also crucial to verify that your SSL certificate files are valid—use openssl to check their formatting. The console message indicating HTTP might be cached; ensure that port 5678 responds to HTTPS requests, despite what the console displays.
make sure your ssl files are in the right place and permissions are set! i had a similar problem a while ago, just ended up being a mispath. don’t forget to restart n8n after changing the env vars; it can cache the old settings.
You’re experiencing issues configuring SSL encryption for your local n8n instance. While you’ve correctly set the environment variables N8N_PROTOCOL, N8N_SSL_KEY, and N8N_SSL_CERT, n8n is still running on HTTP, indicated by the http://localhost:5678/ URL in the console. This suggests that n8n isn’t properly loading or utilizing your SSL certificates. The core issue isn’t with your workflow or node configurations, but with the server’s SSL setup.
Understanding the “Why” (The Root Cause):
The problem likely lies in how n8n is accessing and interpreting your environment variables, or the validity and accessibility of your SSL certificates. Simply setting environment variables may not always be sufficient, especially if n8n is launched in a specific way (e.g., through a process manager, npm script, or Docker). Furthermore, even if the environment variables are correctly read, issues with certificate paths, permissions, or certificate validity can prevent HTTPS from working. The console message might be cached, showing an outdated status.
Step-by-Step Guide:
Verify SSL Certificate and Key: Use openssl to confirm the validity of your certificate and key, and that they match. Execute these commands in your terminal:
The output of the modulus commands should be identical for both files. If they differ, you’re using mismatched key pairs, a common source of SSL errors.
Check File Paths and Permissions: Ensure the paths specified in your environment variables (N8N_SSL_KEY and N8N_SSL_CERT) are absolutely correct. Use absolute paths to avoid ambiguity. Check file permissions using:
ls -la /home/user/ssl/private.key /home/user/ssl/certificate.crt
The n8n user needs read access (r) to both files. If permissions are incorrect, adjust them accordingly (e.g., using chmod 644 /home/user/ssl/certificate.crt).
Directly Set Environment Variables During Startup: Instead of relying solely on shell export commands, directly embed environment variables in your n8n startup command:
or (if using a process manager such as systemd): Modify your service file to include those variables within the environment section.
This forces n8n to use the SSL settings at its launch.
Test the HTTPS Endpoint Directly: Ignore the console output for now. Directly access https://localhost:5678/ in your browser. Your browser will likely indicate whether the SSL certificate is valid. If not, investigate the certificate problems further.
Restart n8n: After making any changes, completely restart the n8n instance. n8n might be caching the older HTTP configuration.
Common Pitfalls & What to Check Next:
Self-Signed Certificates: If using self-signed certificates, ensure they’re correctly configured and your browser trusts them (you’ll likely need to add an exception). They must include the correct Subject Alternative Name (SAN) for localhost.
Firewall: Make sure your firewall allows HTTPS traffic on port 5678.
Alternative Startup Methods: If you start n8n differently (e.g., via Docker, systemd, etc.), you might need to configure the environment variables within that setup.
Proxy Server: if you’re behind a proxy server, this can also interfere with the SSL handshake. Make sure that your proxy settings are configured correctly.
Still running into issues? Share your (sanitized) config files, the exact command you ran, and any other relevant details. The community is here to help!
Check if n8n has permission to read those SSL files. I had the exact same problem - n8n was silently failing to load the certificates and falling back to HTTP without any error message. Run ls -la on your cert files to make sure the n8n user can actually read them. Also, some n8n versions are weird about relative paths, so try absolute paths if you haven’t already. Don’t trust that console output showing HTTP - test the actual HTTPS endpoint directly to see if SSL is really working or not.
Had this exact problem with my n8n setup last month. Skip the export commands - they don’t work reliably. Create a .env file in your n8n root directory and put the variables there instead. Check that your cert files actually exist at those paths and that n8n can read them. If you’re using self-signed certificates, n8n gets picky about them. Make sure they include proper subject alternative names for localhost when you generate them. Don’t trust the console output showing HTTP - it’s often wrong. Just test https://localhost:5678 directly to see if SSL actually works.
Understanding the “Why” (The Root Cause):
Step-by-Step Guide:
Common Pitfalls & What to Check Next:
Still running into issues? Share your (sanitized) config files, the exact command you ran, and any other relevant details. The community is here to help!