The NEM team would like to thank Patrick (Telegram: @spizzerb) for writing this tutorial.


This tutorial was created and tested with Debian 8. Other Linux distributions should be similar to set up. We will go through the steps to create an HTTPS node.


We are going to use Vim as our text editor. You can also use GNU nano if you are more familiar with it.

For a basic Vim tutorial visit:

You can also use nano or any other text editor.

Prepare a domain

Before we start with the setup, buy/create a domain and create an A record which points to the IP of your node.

An A record maps a domain name to the IP address of the computer hosting the domain. Simply put, an A record is used to find the IP address of a computer connected to the internet from a name.

Once done, connect to the node and continue with the setup.

Firewall & Ports

To enable HTTPS, we need port 7891 (NIS) in addition to 7890, and port 7779 (WebSocket) in addition to 7778. Set up your firewall/router to allow incoming connections on ports 7891 and 7779!

Install & set up dehydrated for Let's Encrypt SSL certs

Add " jessie-backports main" to the sources.

cd /etc/apt/sources.list.d  

Create the file "backports.list"

vim backports.list  

Add the following line to the file and save with Esc + :wq

deb jessie-backports main  

Now that the source is added, we continue with the installation.

apt-get update  
apt-get install dehydrated  
cd /etc/dehydrated  
vim domains.txt  

Add your domain from the first step to the txt-file and save with Esc + :wq  

Edit the config and save with Esc + :wq

cd conf.d  

Add the following lines to the file:
(The e-mail address can be from a different domain than the SSL cert.)

CONTACT_EMAIL="[email protected]"  

Save & quit


After the config is done, we create a hook for dehydrated

cd ..  

Add the following lines to the file and save it with Esc + :wq


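#!/usr/bin/env bash

# Called for each domain: show the TXT record to create, then wait for Enter.
function deploy_challenge {
    local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"

    echo "Please add the following record to the DNS zone:"
    echo "_acme-challenge.$DOMAIN IN TXT \"$TOKEN_VALUE\""
    echo "Press enter when installed!"
    read -r
}

# Called after validation: the TXT record is no longer needed.
function clean_challenge {
    local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
    :
}

# Called after a certificate was issued; nothing to do here.
function deploy_cert {
    local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" CHAINFILE="${4}"
    :
}

# Run the handler dehydrated asked for; ignore hooks that are not defined here.
HANDLER="$1"; shift
if declare -F "$HANDLER" >/dev/null; then "$HANDLER" "$@"; fi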

Make executable

chmod +x  

Create an SSL certificate with dehydrated

Once everything is set up, you can create a certificate by executing the following line:

/usr/bin/dehydrated --cron --challenge dns-01 --domain --hook /etc/dehydrated/

The output should look like:

[Screenshot: create certificate]

Now go back to your domain and create a DNS TXT record with the shown string.

[Screenshot: create dns txt record]

Once done, press enter. If everything worked, the output should look similar to the following (if you receive an error, it is most likely a problem with the TXT record):

[Screenshot: output]

Now that we have the SSL cert, we continue with the setup of stunnel.

Install & set up stunnel

apt-get install stunnel4 -y  

Create the file stunnel.conf

vim /etc/stunnel/stunnel.conf  

Add the following lines to stunnel.conf and save with Esc + :wq

accept = 7891  
connect =  
cert = /var/lib/dehydrated/certs/  
key = /var/lib/dehydrated/certs/

accept = 7779  
connect =  
cert = /var/lib/dehydrated/certs/  
key = /var/lib/dehydrated/certs/  

Set stunnel ENABLED to "1" and save with Esc + :wq

vim /etc/default/stunnel4  



To test if everything works, go to a browser and access and

Automatic renewal

Let's Encrypt certificates are valid for three months, so we set up a cron job to renew the certificate automatically.

crontab -e  

Add the following lines to the file

0 2 * * 6 /usr/bin/dehydrated --cron  
2 2 * * 6 /etc/init.d/stunnel4 reload  

Quit & save the config.
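
With this cron setup, a renewal that fails stays unnoticed until the certificate expires, so it helps to check the cert/key pair that stunnel serves after each run. The script below is an added example, not part of the original tutorial; it assumes the openssl command line tool is installed, and MIN_DAYS, the function names and the script name are made up for the example.

```sh
#!/bin/sh
# Added example: post-renewal check for the cert/key pair stunnel serves.
# MIN_DAYS and all function names are assumptions made for this example.
MIN_DAYS="${MIN_DAYS:-21}"

# 0 if the certificate is readable and still valid $2 days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# 0 if the private key belongs to the certificate (same public key).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 if the key file grants nothing to group or others (e.g. mode 600).
key_is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    case "$mode" in 0|*00) return 0 ;; *) return 1 ;; esac
}

# Check one pair; prints each problem and returns the number of problems.
check_pair() {
    cert=$1 key=$2 problems=0
    if ! cert_valid_for "$cert" "$MIN_DAYS"; then
        echo "EXPIRY: $cert is unreadable or expires within $MIN_DAYS days"
        problems=$((problems + 1))
    fi
    if ! key_matches_cert "$cert" "$key"; then
        echo "MISMATCH: $key does not belong to $cert"
        problems=$((problems + 1))
    fi
    if ! key_is_private "$key"; then
        echo "PERMS: $key is accessible to group or others"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage: sh check-node-cert.sh <cert file> <key file>  (cron mails any output)
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

Run it from cron a few minutes after the stunnel reload, passing the cert and key paths from stunnel.conf; it prints nothing and exits 0 when the pair is healthy.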


A Nember




Official Blog of NEM/XEM
