LND macaroon Invalid or Revoked — Fix Auth Errors

Claw

Getting 'invalid macaroon' or 'permission denied' errors? Here's how to reset and fix LND macaroon authentication.

Understand macaroons

# LND uses macaroons for API authentication
# Main macaroons:
# admin.macaroon   - full access
# invoice.macaroon - create/lookup invoices only
# readonly.macaroon - read-only access

# Location:
ls -la ~/.lnd/data/chain/bitcoin/mainnet/*.macaroon

Fix: wrong macaroon path

# Check lncli is using the right macaroon
lncli --macaroonpath ~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon getinfo

# Or set in lncli config (~/.lncli/config)
[Application Options]
macaroonpath=~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon
rpcserver=localhost:10009
tlscertpath=~/.lnd/tls.cert

Fix: regenerate macaroons

# Stop LND
sudo systemctl stop lnd

# Delete macaroons (LND regenerates on next start)
rm ~/.lnd/data/chain/bitcoin/mainnet/*.macaroon

# Restart LND
sudo systemctl start lnd

# Verify new macaroon works
lncli getinfo

Create restricted macaroon (for apps/bots)

# Create read-only macaroon
lncli bakemacaroon info:read offchain:read onchain:read

# Create invoice-only macaroon (for payment pages)
lncli bakemacaroon invoices:read invoices:write

# Create macaroon with IP restriction
# (--ip_address takes a single client IP, not a CIDR range; 192.168.1.10 is a sample address)
lncli bakemacaroon --ip_address 192.168.1.10 info:read offchain:read

# Export macaroon as base64 (for apps)
base64 -w0 ~/.lnd/data/chain/bitcoin/mainnet/invoice.macaroon

Revoke a specific macaroon

# LND doesn't support per-macaroon revocation
# To revoke: delete ALL macaroons and regenerate
# All clients will need updated macaroons after this

# Nuclear option:
rm ~/.lnd/data/chain/bitcoin/mainnet/*.macaroon
sudo systemctl restart lnd
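
Added example (not from the original page and not lnd's code): a simplified Python model of the macaroon HMAC chain, in which a macaroon is checked against a root key looked up by root key ID. It shows that an IP caveat can be added without the root key, that a copy already handed out keeps verifying after a fresh macaroon is baked under the same root key, and that it stops verifying once that root key ID is deleted. The store class, identifier layout and sample addresses are constructed for illustration.

```python
import hashlib
import hmac
import os

def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

class RootKeyStore:  # simplified stand-in for the node's root keys, by root key ID
    def __init__(self):
        self.keys = {}

    def bake(self, root_key_id: int, permissions: str) -> dict:
        key = self.keys.setdefault(root_key_id, os.urandom(32))  # made once per ID
        ident = f"{root_key_id}:{permissions}".encode()
        return {"id": ident, "caveats": [], "sig": _mac(key, ident)}

    def delete_id(self, root_key_id: int) -> None:
        self.keys.pop(root_key_id, None)

    def verify(self, mac: dict, client_ip: str) -> bool:
        key = self.keys.get(int(mac["id"].split(b":", 1)[0]))
        if key is None:  # root key gone: nothing baked under this ID verifies
            return False
        sig = _mac(key, mac["id"])
        for caveat in mac["caveats"]:  # replay the HMAC chain, check each caveat
            sig = _mac(sig, caveat)
            name, _, value = caveat.partition(b" ")
            if name != b"ipaddr" or value.decode() != client_ip:
                return False  # unknown or unmet caveat fails closed
        return hmac.compare_digest(sig, mac["sig"])

def add_caveat(mac: dict, caveat: bytes) -> dict:
    """Attenuate a macaroon; needs only the macaroon itself, not the root key."""
    return {"id": mac["id"], "caveats": mac["caveats"] + [caveat],
            "sig": _mac(mac["sig"], caveat)}

def demo() -> dict:
    store = RootKeyStore()
    admin = store.bake(0, "admin")
    bot = add_caveat(store.bake(1, "invoices:read invoices:write"), b"ipaddr 192.168.1.10")
    leaked = dict(bot)  # copy that left the node before the file was deleted
    out = {"bot_ok": store.verify(bot, "192.168.1.10"),
           "bot_wrong_ip": store.verify(bot, "10.0.0.5"),
           "caveat_stripped": store.verify({**bot, "caveats": []}, "10.0.0.5")}
    store.bake(1, "invoices:read invoices:write")  # "regenerate": same root key
    out["leaked_after_regenerate"] = store.verify(leaked, "192.168.1.10")
    store.delete_id(1)  # revoke everything baked under root key ID 1
    out["leaked_after_delete"] = store.verify(leaked, "192.168.1.10")
    out["admin_after_delete"] = store.verify(admin, "192.168.1.10")
    return out
```

In lncli the corresponding operations are `bakemacaroon --root_key_id`, `listmacaroonids` and `deletemacaroonid`.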

Need macaroon/auth help? $9

I fix LND auth issues, set up restricted macaroons, and secure remote access. USDT TRC-20.
