WF Workflow Fixes

self hosting

N8N SSL Setup

For public n8n deployments, use HTTPS either through a reverse proxy or n8n's SSL settings, then make sure generated editor and webhook URLs also use HTTPS.

Primary query: n8n ssl setup Applies to: self-hosted, HTTPS, SSL Opportunity: 4 Source-backed draft

Independent third-party notes. n8n is a trademark of its owner and is referenced only for compatibility and troubleshooting context.

Quick Answer

For public n8n deployments, use HTTPS either through a reverse proxy or n8n's SSL settings, then make sure generated editor and webhook URLs also use HTTPS.

Key Facts

Security variable group
n8n documents SSL-related environment variables under security settings.
Public URL alignment
N8N_PROTOCOL and WEBHOOK_URL should reflect HTTPS when public access uses HTTPS.
Common production approach
Terminate TLS at a reverse proxy and forward traffic to n8n internally.
Webhook dependency
External apps often require HTTPS webhook targets.

Recommended Steps

  1. Choose whether TLS terminates at a reverse proxy or n8n itself.
  2. Install and renew certificates through the chosen method.
  3. Set N8N_PROTOCOL=https for public HTTPS deployments.
  4. Set WEBHOOK_URL to the HTTPS public base URL.
  5. Test the editor and a production webhook over HTTPS.

Verification

  • The browser shows a valid HTTPS connection.
  • Generated webhook URLs start with https://.
  • External webhook providers can deliver requests without TLS errors.

Warnings

  • Do not expose credentials or webhook payloads over plain HTTP on public networks.
  • Certificate renewal failures can break webhook integrations.

Best For

  • Public self-hosted n8n instances.
  • Webhook integrations from third-party services that require HTTPS.
  • Deployments that need secure browser access to credentials and workflow data.

Not For

  • Local-only disposable testing on localhost.
  • Situations where a managed platform already handles TLS completely.
  • Cases where the domain or proxy route is still not configured.

Common Mistakes

  • Serving the editor over HTTPS while generated webhook URLs still use http://.
  • Letting certificates expire without monitoring.
  • Exposing n8n publicly over plain HTTP.
  • Confusing TLS termination at the proxy with SSL settings inside n8n.

Examples

HTTPS URL alignment The browser URL and webhook URL should agree. 
Browser URL:
https://automation.example.com

Generated webhook URL:
https://automation.example.com/webhook/order-created

Mismatch to fix:
http://automation.example.com/webhook/order-created
TLS readiness checklist Use this before connecting production apps. 
Valid certificate: yes
Auto-renewal: yes
N8N_PROTOCOL=https: yes
WEBHOOK_URL=https://...: yes
External webhook smoke test: yes

FAQ

Should TLS terminate at the reverse proxy or n8n?

Many production deployments terminate TLS at a reverse proxy. The key is that public URLs and n8n endpoint settings still generate HTTPS links.

Why do webhooks show http:// after I enabled HTTPS?

The public endpoint variables may still indicate HTTP or the old base URL. Check N8N_PROTOCOL and WEBHOOK_URL.

Is HTTPS required?

For public deployments handling credentials, webhook payloads, or browser sessions, HTTPS should be treated as required.

Sources

n8n Security Environment Variables Accessed 2026-05-07 n8n Endpoint Environment Variables Accessed 2026-05-07 n8n Deployment Environment Variables Accessed 2026-05-07

Related Pages

self hosting

N8N Reverse Proxy Setup

run n8n behind a reverse proxy

 self hosting

N8N Custom Domain Setup

configure custom domain for n8n

 error fix

N8N Webhook Troubleshooting

fix webhook trigger problems

 self hosting

N8N VPS Hosting Guide

choose a VPS for n8n