Thanks @ek for your response and for sharing your insights.
Regarding the CLN version, I'm running
23.08-hotfix-1 so it should have CLNRest as built-in. And here's the path ~/core-lightning/data/c-lightning-rest/ to the certificate.pem 1. Also tried to find the ca.pem you mention without success, the only files found in the same folder are access.macaroon, certificate.pem, key.pem and rootKey.key. Any other place I could look for this file?So I open the certificate and place the content between
-----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- making sure I removed any space between the characters, converted to base64 using an online converter and then inputting in the form everything as a single line.Anyhow, I think the error is on the first thing you're mentioning, about the SSL. My node run exclusively on Tor and does not use SSL certificate for the connection. When I try to append
http:// to the onion address, the input validation script obviously give me error instantly: so are you saying I should run CLNRest over HTTPS? How I can do that?
Footnotes
-
You can see I also mentioned in point 3. Get your cert ↩
reply
Anyhow, I think the error is on the first thing you're mentioning, about the SSL. My node run exclusively on Tor and does not use SSL certificate for the connection.
If you don't use SSL, you don't need to give us a certificate. We only use HTTPS with Tor if you give us a certificate. Else we'll try to connect to your node over HTTP for Tor then.
So maybe it will work if you simply leave out the certificate?
So are you saying I should run CLNRest over HTTPS? How I can do that?
No, you don't have to but you could. I assumed you would run it over HTTPS since it's the default of CLNRest:
--clnrest-protocol: Specifies the REST server protocol. Default is HTTPS.
reply
Yes I tried as well leaving the cert empty and I get a different error:
1s [cln] ERROR could not connect to CLN: invalid json response body at http://hidden.onion:2104/v1/invoice reason: Unexpected token < in JSON at position 0 1s [cln] ERROR failed to attach wallet
In the JSON I've multiple runes and the one in position 0 does not have any restriction (and is there by default). The rune I've created and using is in position 1 and has the correct restrictions:
{ "rune": "hidden", "unique_id": "1", "restrictions": [ { "alternatives": [ { "fieldname": "method", "value": "invoice", "condition": "=", "english": "method equal to invoice" } ], "english": "method equal to invoice" } ], "restrictions_as_english": "method equal to invoice" }
So is maybe SN script looking at the rune in position 0 only and giving back that error? Should I edit the JSON and switch rune positions? Or what else could I try?
reply
Your rune seems to be fine. We only try to connect when we verified that your rune is properly limited to
method=invoice. We then use this rune with the Rune header as mentioned here and as you can see here. We don't do anything else to it.The error
invalid json response body at http://hidden.onion:2104/v1/invoice reason: Unexpected token < in JSON at position 0 means that we connected to your node successfully but it didn't return JSON as expected.Do you get a valid JSON response when you do a request from the same machine with
cURL? Try this:$ curl -X POST http://localhost:2104/v1/invoice -H "Rune: <your_rune_here>"
reply
maybe worth to mention I'm using umbrel
reply
I get the following error:
<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Error</title> </head> <body> <pre>Cannot POST /v1/invoice</pre> </body> </html>
reply
🤨
Something seems to be wrong with your node. Looks like CLNRest is not running? I am not familiar with Umbrel unfortunately. Looking at the Umbrel docker-compose config for CLN, I wonder why they run CLNRest separately. Maybe that's related?
Since v23.08, it's built-in so they should add
--clnrest-port during start to enable it which they don't.reply
It is maybe using a different port?
Does make sense to edit the docker-compose.yml file and add under
command: for example:--clnrest-port=${APP_CORE_LIGHTNING_DAEMON_IP}: 2104
reply
You can for sure try. But try this:
--clnrest-port=2104
certificate.pemin a directory dedicated to the CLNRest plugin. Which CLN version are you running? It seems like you are not running at least v23.08 since CLNRest is a built-in plugin from this version on. It then stores the certificates at$HOME/.lightning/mainnet/.1certificate.pemis ambiguous since there should also be a server certificate in the same directory. In v23.08, the certificate we need is calledca.pem. It's the certificate of the certificate authority (CA) which establishes the trust chain, commonly called root certificate (yes, SSL/TLS is confusing).xxd -p -c0 ca.pemto get it in hex. My CA certificate starts with-----BEGIN CERTIFICATE-----which means it's not base64 or hex. Is this not the case for yours?Footnotes