Custom Hosts

ARKVault allows you to set up your own custom hosts if so desired. The following information outlines the various approaches you can use in order to set up custom hosts.

Use Your Own SSL Certificate with a Domain (Recommended #1)


We recommend using both a domain and SSL certificate together with Cloudflare to allow for the most secure setup for your custom host. While Cloudflare is not a prerequisite, it gives you the benefit of free DDoS protection.

Create DNS A record (yourDomain) pointing to your node IP address. Ensure you have all CRT files (Intermediate 3, Intermediate 2, Intermediate 1 and Root Certificate) from the issuer along with your own CRT file in a single location.

1Example file names:
2# Root CA Certificate - AddTrustExternalCARoot.crt
3# Intermediate CA Certificate 1 - UTNAddTrustSGCCA.crt
4# Intermediate CA Certificate 2 - ComodoUTNSGCCA.crt
5# Intermediate CA Certificate 3 - EssentialSSLCA_2.crt
6# Your SSL Certificate - yourDomain.crt

Create a bundle file that contains all of these files.


cat yourDomain.crt EssentialSSLCA_2.crt ComodoUTNSGCCA.crt UTNAddTrustSGCCA.crt AddTrustExternalCARoot.crt >> yourDomain-bundle.crt

Create a folder and copy the newly-created bundle crt and key files into it.


2mkdir ~/ssl
3cp /path/to/yourDomain-bundle.crt /path/to/yourDomain.key ~/ssl

Add the necessary variables to your .env(/.config/ark-core/mainnet/.env) file.



Upon restarting Core, your logs should indicate that an HTTPS server has initialized.


INFO: Public API (HTTPS) Server started at

Let’s Encrypt SSL Certificate with a Domain (Recommended #2)

Create DNS A record (yourDomain) pointing to your node IP address.


Cloudflare users need to turn off host protection/proxy during the initial setup.

Install Certbot.

sudo apt-get update && sudo apt-get install certbot

Obtain your certificate.

sudo certbot certonly --standalone --preferred-challenges http -d yourDomain

When executing the command, a prompt will appear requesting that you enter an email address and agree to the terms of service. Upon doing so, a message should appear informing you that the process completed successfully and reveal the location in which your certificates are stored. The location should resemble the following:

/etc/letsencrypt/live/yourDomain so /etc/letsencrypt/live/yourDomain/fullchain.pem is your CRT bundle file and /etc/letsencrypt/live/yourDomain/privkey.pem is your key file.

Create a user-readable folder and copy the bundle and key files. You will then need to set the correct permissions.

2mkdir ~/letsencrypt
3sudo cp /etc/letsencrypt/live/yourDomain/fullchain.pem ~/letsencrypt
4sudo cp /etc/letsencrypt/live/yourDomain/privkey.pem ~/letsencrypt
5sudo chown -R $USER:$GROUP ~/letsencrypt

Add the necessary variables to your .env (/.config/ark-core/mainnet/.env) file.



Upon restarting Core, your logs should indicate that an HTTPS server has initialized.


INFO: Public API (HTTPS) Server started at

Handle automated Let’s Encrypt renewals.


You must execute the following steps as root user.

sudo -i

Create using the following content:

1#!/usr/bin/env bash
2DOMAIN=yourDomain #<= set your domain
3CORE_USER=user #<= set the user Core runs with
4CORE_GROUP=group #<= set the core user group
6cp /etc/letsencrypt/live/$DOMAIN/fullchain.pem /home/$CORE_USER/letsencrypt
7cp /etc/letsencrypt/live/$DOMAIN/privkey.pem /home/$CORE_USER/letsencrypt
8chown -R $CORE_USER:$CORE_GROUP /home/$CORE_GROUP/letsencrypt
9su - $CORE_USER -c "pm2 restart all"

Move the script into your /root folder and set executable flag: chmod +x /root/

Edit the renewal config /etc/letsencrypt/renewal/yourDomain.conf by appending the following line:

renew_hook = /root/

Ensure the renewal does not result in any errors by running certbot renew --dry-run.

If successful, proceed with adding a cronjob for root.

echo "0 12 * * * /usr/bin/certbot renew -q" | crontab -

Upon completing the setup, you can return to the user shell.



Cloudflare users can now turn host protection/proxy back on.

Self-Signed Certificates (Not Safe, Not Recommended)


Due to the security concerns associated with this setup, it is not recommended. As such, if you choose to use this approach, you do so at your own risk.

Modern Browsers do not allow communication between HTTPS and HTTP hosts since there is no means of encrypting the connection. However, you can bypass this if so desired (for example, by using the bypass phrase thisisunsafe in Chromium browsers).

If you still wish to use a self-signed certificate despite that fact modern browsers will treat it as untrusted, then use the following setup:

Create a new directory and cd into it.

1mkdir ark-ssl-core-api
2cd ark-ssl-core-api

Generate a key and certificate.

1openssl genrsa -out yourDomain.key
2openssl req -new -key yourDomain.key -out yourDomain.csr
3openssl x509 -req -days 365 -in yourDomain.csr -signkey yourDomain.key -out yourDomain.crt

Configure Core to use the certificate.

Last updated 2 years ago
Edit Page