From c61f2ee6dda2004e881b921bfd90ca0279cc5cc2 Mon Sep 17 00:00:00 2001 From: Daniel Padrino Date: Thu, 11 Jun 2026 10:39:29 -0300 Subject: [PATCH] fix(lightning): restore LIGHTNING_API_CERTIFICATE fallback when no cert path is set MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Per review on #3861: prod dfx-api is not hosted on DFX servers yet, so it has no LND lightning volume to mount — removing the env var entirely left prod with no cert source once this code ships there. Restore the env var as the fallback for hosts without the mount; when LIGHTNING_API_CERTIFICATE_PATH is set it still reads the live file and throws if unreadable (fail-loud mount check unchanged). --- .env.example | 4 +++- src/config/config.ts | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.env.example b/.env.example index fb9eba2506..5f926e9062 100644 --- a/.env.example +++ b/.env.example @@ -181,8 +181,10 @@ LIGHTNING_LNBITS_API_KEY= LIGHTNING_LNBITS_LNURLP_URL= LIGHTNING_LND_API_URL= LIGHTNING_LND_ADMIN_MACAROON= -# Path to the live LND TLS cert file on disk (mounted into the container) +# Path to the live LND TLS cert file on disk (mounted into the container). +# If unset, LIGHTNING_API_CERTIFICATE is used instead (hosts without the LND volume). LIGHTNING_API_CERTIFICATE_PATH= +LIGHTNING_API_CERTIFICATE= MONERO_WALLET_ADDRESS= MONERO_NODE_URL= diff --git a/src/config/config.ts b/src/config/config.ts index b97bfd2d2b..abf63927ad 100644 --- a/src/config/config.ts +++ b/src/config/config.ts @@ -1287,7 +1287,9 @@ export class Configuration { function readCert(): string | undefined { const path = process.env.LIGHTNING_API_CERTIFICATE_PATH; - if (!path) return undefined; + + // No path (e.g. prod hosted without the LND volume): use the certificate env var. + if (!path) return process.env.LIGHTNING_API_CERTIFICATE?.split('
').join('\n'); // Path is set: read the live LND cert from disk and let a missing/unreadable file throw, // so a broken mount surfaces immediately instead of being masked by a stale fallback.