LND TLS Certificate Expired — Renew and Fix Connection Errors
If lncli or your apps throw 'certificate has expired' or 'x509' errors, your LND TLS cert needs renewal.
Check cert expiry
    # Check current cert expiry
    openssl x509 -enddate -noout -in ~/.lnd/tls.cert
    # Output: notAfter=Mar 10 12:00:00 2026 GMT

    # Check the cert LND is serving (if LND is running);
    # from a remote machine, use your node's address instead of localhost
    echo | openssl s_client -connect localhost:10009 2>/dev/null | openssl x509 -enddate -noout
Renew TLS certificate
    # Method 1: Delete cert files and restart LND (auto-generates new ones)
    sudo systemctl stop lnd
    rm ~/.lnd/tls.cert ~/.lnd/tls.key
    sudo systemctl start lnd
    # LND creates new cert on startup

    # Method 2: If using lncli remotely, copy the new cert to your client
    # (copy only tls.cert; tls.key is the private key and stays on the node)
    scp user@your-node:~/.lnd/tls.cert ~/.lnd/tls.cert
Update macaroon after cert renewal
    # After TLS renewal, existing connections may fail
    # Macaroons are not tied to the TLS cert, so give clients the new tls.cert first.
    # Delete and recreate macaroons if needed:
    sudo systemctl stop lnd
    rm ~/.lnd/data/chain/bitcoin/mainnet/*.macaroon
    sudo systemctl start lnd
    # LND regenerates macaroons on startup

    # Re-export for apps that use them
    # (the hex output is a full-access credential; handle it like a password):
    xxd -ps -u -c 1000 ~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon
Extend cert validity (prevent future expiry)
    # In lnd.conf: increase TLS cert duration
    [Application Options]
    # 10 years
    tlscertduration=87600h

    # Then regenerate:
    sudo systemctl stop lnd
    rm ~/.lnd/tls.cert ~/.lnd/tls.key
    sudo systemctl start lnd
Add extra IPs/domains to the cert
    # In lnd.conf:
    [Application Options]
    tlsextraip=192.168.1.100
    tlsextraip=52.1.2.3
    tlsextradomain=mynode.example.com

    # Then regenerate cert (delete and restart)
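The checks from the sections above combined into one script, as an added example that is not part of the original page: it warns before the cert expires, confirms that the tlsextraip/tlsextradomain entries made it into the regenerated cert, and compares a client's copy of tls.cert with the one LND is serving. The function names and the 30-day threshold are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Function names and the
# 30-day warning threshold are assumptions; pass your own paths and names.

# Succeeds if the cert in file $1 is still valid $2 days from now (default 30).
cert_valid_for_days() {
  openssl x509 -checkend $(( ${2:-30} * 86400 )) -noout -in "$1" >/dev/null
}

# Succeeds if $2 is listed as a DNS or IP entry in the cert's subjectAltName.
cert_has_san() {
  openssl x509 -noout -text -in "$1" \
    | grep -A1 'Subject Alternative Name' | tail -n 1 \
    | tr ',' '\n' | sed 's/^ *//' \
    | grep -Fxq -e "DNS:$2" -e "IP Address:$2"
}

# SHA-256 fingerprint of the PEM cert in file $1.
cert_fingerprint() {
  openssl x509 -fingerprint -sha256 -noout -in "$1" | cut -d= -f2
}

# SHA-256 fingerprint of the cert a running LND serves at host:port $1.
served_fingerprint() {
  echo | openssl s_client -connect "$1" 2>/dev/null \
    | openssl x509 -fingerprint -sha256 -noout 2>/dev/null | cut -d= -f2
}

# Run all checks; returns non-zero if any of them fails.
# usage: check_lnd_cert CERT HOST:PORT [SAN ...]
# e.g.   check_lnd_cert ~/.lnd/tls.cert localhost:10009 mynode.example.com
check_lnd_cert() {
  local cert=$1 endpoint=$2 rc=0 name
  shift 2
  cert_valid_for_days "$cert" 30 \
    || { echo "WARN: $cert expires within 30 days"; rc=1; }
  for name in "$@"; do
    cert_has_san "$cert" "$name" \
      || { echo "WARN: $name is not in subjectAltName"; rc=1; }
  done
  if [ "$(cert_fingerprint "$cert")" != "$(served_fingerprint "$endpoint")" ]; then
    echo "WARN: $cert is not the cert served at $endpoint (stale copy?)"
    rc=1
  fi
  return $rc
}
```

Run from cron or a systemd timer on the node and on each remote client, a non-zero exit flags a cert that needs the renewal or copy steps above before connections start failing.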