Securing a Private n8n Instance in Azure with Let’s Encrypt and Managed Identity
This week, I deployed a private n8n automation instance in Azure with a focus on security, auditability, and zero public exposure. Here’s how I solved the HTTPS challenge without storing credentials or opening ports unnecessarily.

Problem Statement

I needed to:
- Run n8n privately for internal automations
- Enable HTTPS for browser access and webhook security
- Use Let’s Encrypt for free TLS certs
- Avoid storing Azure credentials on the VM
- Keep the VM locked down with minimal exposure

Azure VM and NSG Setup

- Deployed Ubuntu VM with n8n running via systemd
- Configured Azure Network Security Group (NSG) to allow:
  - Port 22 (SSH) and 443 (HTTPS) only
  - Scoped to my static IP
- Temporarily opened port 80 for Let’s Encrypt HTTP challenge

SSL Issue: Nginx Serving Self-Signed Cert

Despite running Certbot successfully, openssl s_client revealed: ...
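
The NSG policy from the Azure VM and NSG Setup section (22 and 443 only, scoped to one static IP, port 80 opened only temporarily) can be checked mechanically so a leftover challenge rule does not go unnoticed. This is an added example, not code from the original post; it assumes rules exported in the shape of `az network nsg rule list -o json`, and the rule names and the 203.0.113.10 address are constructed.

```python
import json

ALLOWED_PORTS = {22, 443}   # the only ports the post keeps open
ADMIN_SOURCES = {"203.0.113.10", "203.0.113.10/32"}   # constructed static IP

# Constructed sample in the shape of `az network nsg rule list -o json`.
SAMPLE_RULES = json.loads("""[
 {"name": "allow-ssh", "direction": "Inbound", "access": "Allow",
  "sourceAddressPrefix": "203.0.113.10", "destinationPortRange": "22"},
 {"name": "allow-https", "direction": "Inbound", "access": "Allow",
  "sourceAddressPrefix": "203.0.113.10/32", "destinationPortRange": "443"},
 {"name": "tmp-acme-http", "direction": "Inbound", "access": "Allow",
  "sourceAddressPrefix": "*", "destinationPortRange": "80"},
 {"name": "deny-rest", "direction": "Inbound", "access": "Deny",
  "sourceAddressPrefix": "*", "destinationPortRange": "*"}
]""")

def _values(rule, single, plural):
    """Azure stores one value in the singular field or several in the plural one."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def ports_of(rule):
    """Expand port specs such as '443', '80-443' or '*' into a set of ints."""
    ports = set()
    for spec in _values(rule, "destinationPortRange", "destinationPortRanges"):
        if spec == "*":
            return set(range(65536))
        lo, _, hi = spec.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(rules):
    """Return (rule name, problem) pairs for inbound Allow rules outside the policy."""
    findings = []
    for r in rules:
        if r.get("direction") != "Inbound" or r.get("access") != "Allow":
            continue
        extra = sorted(ports_of(r) - ALLOWED_PORTS)
        if extra:
            findings.append((r["name"], f"extra ports, lowest is {extra[0]}"))
        srcs = _values(r, "sourceAddressPrefix", "sourceAddressPrefixes")
        if any(s not in ADMIN_SOURCES for s in srcs):
            findings.append((r["name"], "source not limited to the static IP"))
    return findings

if __name__ == "__main__":
    for name, problem in audit(SAMPLE_RULES):
        print(f"{name}: {problem}")
```

Run against the sample, only the temporary port 80 rule is reported, once for the port and once for its unrestricted source.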