How to configure SSL with Electrum

This page was written for Electrum 4.0 (currently in development)

You should have a TLS/SSL private key and a public certificate for your domain set up already (signed by a CA, for example free Letsencrypt)

Add your SSL private key

Create a file that contains only the private key:

-----BEGIN PRIVATE KEY-----
your private key
-----END PRIVATE KEY-----

Please note that this is not your wallet key but a private key for the matching TLS/SSL certificate.

Set the path to your the SSL private key file with setconfig:

electrum -o setconfig ssl_keyfile /path/to/ssl/privkey.pem

Add your SSL certificate bundle

Create another file, file that contains your certificate, and the list of certificates it depends on, up to the root CA. Your certificate must be at the top of the list, and the root CA at the end.

-----BEGIN CERTIFICATE-----
your cert
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
intermediate cert
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
root cert
-----END CERTIFICATE-----

Set the ssl_chain path with setconfig:

electrum -o setconfig ssl_certfile /path/to/ssl/fullchain.pem

Check that your certificate was accepted by Electrum

Check that your SSL certificate correctly configured:

electrum -o get_ssl_domain

This should return the Common Name of your certificate.