How to replace the server TLS certificate with your own

Some people might want to use the server's HTTP handlers directly as an embedded resource on a website served over TLS (HTTPS). Since the default CitizenFX server certificate is issued for do-not-trust.citizenfx.invalid, this will not work by default without browsers showing giant security warnings.

Here’s a quick way to replace this with a certificate for your own domain.

Prerequisites

  • A domain.
  • OpenSSL command-line tool.

Steps

  1. Create a certificate using a Let’s Encrypt API client (such as ZeroSSL, from the browser). You’ll need to save the ‘domain key’ and ‘domain certificate’ in the end if you’re using ZeroSSL.
  2. Convert the private key to the format expected by the server code. Currently, this is unencrypted PKCS#8 (BEGIN PRIVATE KEY), not BEGIN RSA PRIVATE KEY. To do so:

     openssl pkcs8 -topk8 -nocrypt -in domain-key.txt -out server-tls.key

  3. Copy the certificate file to server-tls.crt, and the key file from the above command to server-tls.key, in your FXServer binary folder (alpine/opt/cfx-server/ for Linux artifacts, the server artifact directory for Windows). There should already be one there if you’ve run your server before; replace it.
  4. Go to https://domain.example:30120/ (of course, using the right domain pointed to your server address, and the right port), and you should see no certificate warning show up.
  5. Make sure to renew the certificate when required, or set up a command-line Let’s Encrypt (LE) client for automation.
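As an added example (not from the original post or the CitizenFX project), here is a small POSIX shell pre-flight script for steps 2 and 3: it classifies the key's PEM header, converts it to unencrypted PKCS#8 with the same openssl command as above, confirms the certificate and key actually belong together, and warns when renewal is due. The file names follow the post; the function names and the 14-day renewal threshold are my own choices.

```shell
#!/bin/sh
# Added example: pre-flight checks for server-tls.crt / server-tls.key before
# copying them into the FXServer binary folder. Requires the openssl CLI.

# Classify a PEM private key by its first line. FXServer expects unencrypted
# PKCS#8, i.e. "BEGIN PRIVATE KEY" (not the PKCS#1 "BEGIN RSA PRIVATE KEY").
key_format() {
    first=$(head -n 1 "$1")
    case "$first" in
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8 ;;
        '-----BEGIN RSA PRIVATE KEY-----')       echo pkcs1-rsa ;;
        '-----BEGIN EC PRIVATE KEY-----')        echo sec1-ec ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo encrypted-pkcs8 ;;
        *)                                       echo unknown ;;
    esac
}

# Convert any OpenSSL-readable private key to unencrypted PKCS#8 (the post's command).
to_pkcs8() {
    openssl pkcs8 -topk8 -nocrypt -in "$1" -out "$2"
}

# Return 0 when the certificate's public key equals the public key derived from
# the private key, i.e. the two files really are a pair.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Return 0 when the certificate stays valid for at least $2 seconds
# (default 14 days), so this can double as a cron renewal reminder.
not_expiring() {
    openssl x509 -in "$1" -noout -checkend "${2:-1209600}" >/dev/null
}

# Command-line use: sh check-fxserver-tls.sh domain-cert.txt domain-key.txt
if [ $# -eq 2 ]; then
    crt=$1; key=$2
    fmt=$(key_format "$key")
    if [ "$fmt" != pkcs8 ]; then
        echo "key is $fmt; converting to PKCS#8 as server-tls.key"
        to_pkcs8 "$key" server-tls.key && key=server-tls.key
    fi
    pair_matches "$crt" "$key" && echo "certificate and key match" || { echo "MISMATCH: wrong key for this certificate"; exit 1; }
    not_expiring "$crt" && echo "certificate valid for more than 14 days" || echo "renew soon"
fi
```

Run it against the files ZeroSSL gave you before copying anything into the artifact folder; a MISMATCH means you saved the wrong domain key.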

thanks for this, it’ll be useful in the future for sure :wink:

Very nice indeed, thanks!