LND TLS Certificate Error — Reset and Fix Authentication
Getting 'transport: authentication handshake failed' or TLS certificate errors? Here is how to fix them.
Identify the error
# Common TLS errors:
# - 'transport: authentication handshake failed: x509: certificate signed by unknown authority'
# - 'x509: certificate is valid for 127.0.0.1, not <your_ip>'
# - 'connection refused' on port 10009

# Check the existing cert: subject, SANs (DNS/IP) and expiry
openssl x509 -in ~/.lnd/tls.cert -text -noout | grep -E 'Subject|DNS|IP|Not After'
Fix: regenerate TLS certificate
# Stop LND
sudo systemctl stop lnd

# Delete old cert and key (LND will regenerate on restart)
rm ~/.lnd/tls.cert ~/.lnd/tls.key

# If you need to add extra IPs/hostnames (e.g., your public IP),
# add them to lnd.conf BEFORE restarting:
# [Application Options]
# tlsextraip=52.196.137.52
# tlsextraip=192.168.1.100
# tlsextradomain=mynode.example.com

# Start LND — new cert auto-generated
sudo systemctl start lnd

# Verify new cert
openssl x509 -in ~/.lnd/tls.cert -text -noout | grep -E 'IP|DNS|Not After'
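The check above can be scripted: the following added example (not part of this page or of LND itself) parses a tls.cert, applies the same SAN matching a gRPC client does, and prints the lnd.conf line that would fix a mismatch or tells you the cert is expired. The SampleCert helper and the 192.168.1.100 / mynode.example.com values are constructed test input.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"net"
	"os"
	"time"
)

// CheckCert parses a PEM tls.cert and reports whether it is valid for host (IP or
// DNS name) at time now. On failure, hint is the fix: regenerate, or add a SAN.
func CheckCert(pemData []byte, host string, now time.Time) (ok bool, hint string, err error) {
	block, _ := pem.Decode(pemData)
	if block == nil {
		return false, "", fmt.Errorf("no PEM block in certificate data")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return false, "", err
	}
	if now.After(cert.NotAfter) {
		return false, "expired " + cert.NotAfter.UTC().Format(time.RFC3339) + ": remove tls.cert and tls.key, restart lnd", nil
	}
	// Same SAN check a gRPC client runs; a miss here is 'valid for 127.0.0.1, not <ip>'.
	if cert.VerifyHostname(host) == nil {
		return true, "", nil
	}
	if net.ParseIP(host) != nil {
		return false, "tlsextraip=" + host, nil
	}
	return false, "tlsextradomain=" + host, nil
}

// SampleCert builds a constructed self-signed cert with the given SANs (test data
// standing in for an lnd-generated tls.cert); CreateCertificate cannot fail here.
func SampleCert(ips []net.IP, dns []string, ttl time.Duration) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now().Add(-time.Hour),
		NotAfter: time.Now().Add(ttl), IPAddresses: ips, DNSNames: dns}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() { // usage: go run . ~/.lnd/tls.cert 192.168.1.100
	pemData, _ := os.ReadFile(os.Args[1])
	fmt.Println(CheckCert(pemData, os.Args[2], time.Now()))
}
```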
Fix: update macaroon after cert regeneration
# Macaroons are tied to the old cert — you may need to re-bake them,
# or just delete admin.macaroon (LND will regenerate)
rm ~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon

# Restart LND
sudo systemctl restart lnd

# Re-export macaroon for any clients (RTL, ThunderHub, etc.)
base64 -w0 ~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon
Fix: lncli connecting to remote node
# When connecting lncli to a remote node:
lncli --rpcserver=<IP>:10009 \
--tlscertpath=/path/to/tls.cert \
--macaroonpath=/path/to/admin.macaroon \
getinfo
# Copy cert from remote node
scp user@remote:~/.lnd/tls.cert ~/remote-tls.cert
lncli --rpcserver=<IP>:10009 --tlscertpath=~/remote-tls.cert getinfo

Need TLS/auth help? $9
I fix LND TLS certificate issues, macaroon problems, and remote connection setup. USDT TRC-20.