c-lightning-REST

Set up TLS certificate

Open JWBurgers opened this issue 1 year ago • 2 comments

I am attempting to connect Zeus to the server via a TLS certificate, but continue to run into the "hostname is not verified" error.

My understanding is that this can be resolved by setting the "rest-domain" configuration. (https://github.com/Ride-The-Lightning/c-lightning-REST/issues/131). What exactly should this option be set as?

JWBurgers Jan 15 '24 04:01

You should set the "rest-domain" configuration option to the domain name that the Zeus application will be connecting to. This domain name should match the external domain name that points to the server where c-lightning-REST is running. Once set, the c-lightning-REST setup process should generate a TLS certificate that includes the specified domain as a subjectAltName, allowing the Zeus application to verify the hostname successfully when establishing a secure connection.

Hope this helps

saubyk Jan 20 '24 00:01

Here's an example:

  1. You have a domain name, for example, mylightningnode.com, which you want to use to access your c-lightning-REST server
  2. Your c-lightning-REST server is running on a machine with the IP address 192.168.1.100
  3. You want to use the Zeus mobile application to connect to your c-lightning-REST server securely using TLS.

In this scenario, you would set the "rest-domain" configuration option to mylightningnode.com. This domain should be configured in your DNS provider to point to the IP address 192.168.1.100 where your c-lightning-REST server is running.

After setting this option, you would generate a TLS certificate for your c-lightning-REST server that includes mylightningnode.com as a subjectAltName. This ensures that when the Zeus application connects to mylightningnode.com, the hostname matches the subjectAltName in the TLS certificate, and the connection can be established without the "hostname is not verified" error.

Remember to also configure port forwarding if your server is behind a router, and ensure that the port used by c-lightning-REST is open and accessible from the internet.

saubyk Jan 20 '24 00:01
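The hostname check discussed in this thread, as an added example (not part of the thread and not c-lightning-REST or Zeus code): a TLS client compares the name it dials against the certificate's subjectAltName entries, so the connection is only "verified" when that exact name is listed. The certificate dicts below are constructed samples in the shape returned by Python's `ssl.SSLSocket.getpeercert()`; their SAN lists are assumptions, not what c-lightning-REST actually generates.

```python
import ipaddress

def _dns_match(pattern: str, host: str) -> bool:
    """Case-insensitive match; '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and needs two labels after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def hostname_verified(cert: dict, target: str) -> bool:
    """True if `target` (the host the client dials) is covered by the cert's SANs."""
    try:
        target_ip = ipaddress.ip_address(target)
    except ValueError:
        target_ip = None
    for kind, value in cert.get("subjectAltName", ()):
        if target_ip is not None:
            # IP literals are compared only with IP entries, never with DNS entries.
            if kind == "IP Address" and ipaddress.ip_address(value) == target_ip:
                return True
        elif kind == "DNS" and _dns_match(value, target):
            return True
    return False

# Constructed sample: a certificate issued before rest-domain was set (assumed SANs).
CERT_WITHOUT_DOMAIN = {
    "subjectAltName": (("DNS", "localhost"), ("IP Address", "127.0.0.1")),
}
# Constructed sample: a certificate regenerated with the thread's example domain.
CERT_WITH_DOMAIN = {
    "subjectAltName": (("DNS", "localhost"), ("IP Address", "127.0.0.1"),
                       ("DNS", "mylightningnode.com")),
}

if __name__ == "__main__":
    for label, cert in (("without rest-domain", CERT_WITHOUT_DOMAIN),
                        ("with rest-domain", CERT_WITH_DOMAIN)):
        for target in ("mylightningnode.com", "192.168.1.100"):
            print(f"{label:20} {target:20} verified={hostname_verified(cert, target)}")
```

Connecting by IP address still fails against the second certificate, because only the domain name was added as a SAN; the client has to dial the same name the certificate lists.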