1. ZC
    October 25, 2017 @ 10:58 am

    Cool tks for the update , I have previously sent 1 shielded ZEN to my node in one translation, preparing for securenode not on testnet , is it necessary to break down to 5 x 0.25 ZEN ?


    • Rolf
      October 26, 2017 @ 1:27 am

      It definitely works better to have 3-5 transactions for the shielded ZEN address instead of just one.


      • Stephen
        December 13, 2017 @ 9:52 pm


        Just sent the 5 transactions, I don’t have any record in my wallet of them but they all went through as “successful” and they are aren’t showing up when I check the node balance. Does this just need more time?

        I’m assuming there wasn’t an issue going from a T to a Z?



  2. Lootcity
    October 25, 2017 @ 12:05 pm

    This is great – thank you. I am however stuck at the certification verification. For some reason, when i run getnetworkinfo, the tls_cert_verified returns as “false”.

    Is it possible this can take some time to kick in? All the certificates are in place and trying as instructed. Thanks


    • Rolf
      October 26, 2017 @ 1:27 am

      there was an error in my guide earlier on the cert instructions. I have updated it. Maybe try again?


      • Lootcity
        October 26, 2017 @ 10:09 am

        Thanks for getting back to me. I have tried the entire process again and still, no luck… “tls_cert_verified”: false

        Is it something to do with running it as a user? Are there any alternatives here?

        The certificate seems to generate just fine, just doesn’t seem to be verified…

        Thanks again.


        • Bcim
          October 26, 2017 @ 10:19 pm

          Try checking that there are no type-o’s in the tls cert and key paths in the zen.conf file and that you used YOUR paths and not the one in the guides.


          • Lootcity
            October 27, 2017 @ 5:02 am

            Yep, of course. Those are the first things i checked! Any other information i could check? Could it be something the domain side of things?

        • Rolf
          October 27, 2017 @ 8:06 am

          You can test your cert from outside by using openssl from another linux server. For example, to test the cert on one of my systems type:
          openssl s_client -showcerts -connect znode.blockoperations.io:19033

          after you get the cert type Q to exit the session.

          Here is a reference for this: https://www.cyberciti.biz/faq/test-ssl-certificates-diagnosis-ssl-certificate/


      • Rohan
        December 1, 2017 @ 11:17 pm

        Hi Rolf, same error for me as others:

        “tls_cert_verified” is returning false.

        Have tried instructions line by line again and again, but still comes back false.


        • Rohan
          December 2, 2017 @ 12:05 am

          For anyone who continues to get this error, try this, I have got it to true now.
          1) after this
          echo ” is $USER”
          echo ” is $FQDN”
          sudo cp /home/$USER/.acme.sh/$FQDN/ca.cer /usr/share/ca-certificates/ca.crt
          sudo dpkg-reconfigure ca-certificates
          2) in the GUI popup, the first item “ca..” is not check with a star. I left this as default, however, it seems this needs to be checked.
          3) Do that with the space bar, so that all items are checked with a star
          4) tab to the ok button and then retry the process from there.


          • RUN LIU
            January 10, 2018 @ 2:46 pm

            thanks very much. it works

  3. Michael
    October 26, 2017 @ 2:14 am

    Hey Rolf thank you for inspiring newbies like myself to join the mining pool.

    Would this rig be able to mine BCH?

    Is it feasible that I mine ETH on this rig and trade it for BCH or would I lose out?

    I don’t want to wait 2 months for an antminer S9 to get started.


    • Rolf
      October 26, 2017 @ 12:58 pm

      If you are referring to a GPU mining rig you would not be able to mine BTC or BCH or BCC with it.


    • Lootcity
      October 27, 2017 @ 6:17 am

      When i run $sudo dpkg-reconfigure ca-certificates

      I get…

      Processing triggers for ca-certificates (20170717~16.04.1) …
      Updating certificates in /etc/ssl/certs…
      0 added, 0 removed; done.
      Running hooks in /etc/ca-certificates/update.d…

      Is this the reason that i am getting;

      “tls_cert_verified”: false


      • Rolf
        October 27, 2017 @ 8:08 am

        probably. You need to select the unselected ca at the top of the list, tab to the ok, then hit enter. It should accept a new intermediate certificate.


  4. Mac
    October 26, 2017 @ 9:35 am

    Hi Rolf,
    Thank you for this awsome guide.

    Unfortunately I’m stuck in part 2.5 at the section:

    When the updated zen files are done compiling, replace the zen node files:
    zen-cli stop
    sudo cp src/zend /usr/bin/
    sudo cp src/zen-cli /usr/bin

    I get the following error: cp: cannot stat ‘src/zend’ : No such file or directory

    Did I missed something?


    • Rolf
      October 26, 2017 @ 12:57 pm

      A more complete location would be ~/zencash/zen/src/ so you need to be in the directory ~/zencash/zen/ for the command listed above to work.


      • Mac
        October 27, 2017 @ 2:57 am

        Thanks for the quick solution for this problem. There is still one problem left and that is I get a false on “tls_cert_verified”
        I did a new install of the certificate. After that, still the same error. Do you know a solution for this?


        • Rolf
          October 27, 2017 @ 8:09 am

          Try testing it

          You can test your cert from outside by using openssl from another linux server. For example, to test the cert on one of my systems type: openssl s_client -showcerts -connect znode.blockoperations.io:19033

          after you get the cert type Q to exit the session.

          Here is a reference for this: https://www.cyberciti.biz/faq/test-ssl-certificates-diagnosis-ssl-certificate/


  5. Mac
    October 27, 2017 @ 9:27 am

    I did a reinstall. TLS is true now. I can test my cert with openssl on port 9033. On port 19033 I get a connection refused.

    When I do a telnet localhost 19033 on the server the connection is also refused


    • Rolf
      October 30, 2017 @ 10:43 pm

      That’s a lot of progress! The node will either listen on port 9033 if it is running on mainnet, or on port 19033 if it is running testnet.

      To change to testnet, stop zend with a `zen-cli stop` command, edit the ~/.zen/zen.conf file and uncomment the `testnet=1` directive, then start the zen node software with the `zend` command.

      It should now be listening on port 19033 and showing testnet:true in the results of the `zen-cli getinfo` command


      • Mac
        October 31, 2017 @ 4:48 am

        Rolf your the man! That did the trick


        • Rolf
          November 2, 2017 @ 8:49 pm

          great to hear it!


  6. Nikita
    October 29, 2017 @ 5:06 am

    Is there any way to setup all this on one machine and then somehow to redistribute to 10 more?
    Also what should be changed once nodes will hit the public?


    • haloalarm
      October 29, 2017 @ 5:12 am

      Someone has set up a docker image/script deployment for something similar



    • Rolf
      October 30, 2017 @ 10:44 pm

      I am sure there are multiple ways to copy to other servers. Cloning a virtual machine, creating a docker image, backing up and restoring would all be ways to do it.


  7. 17outs
    October 29, 2017 @ 4:43 pm

    Will this work if the vm is behind a firewall? Or do I assume this has to sit in a dmz?


    • Rolf
      October 30, 2017 @ 10:45 pm

      If you do a full 1:1 Network Address Translation rule on your firewall it will work just fine. I have some nodes running private IP addresses on the LAN with a firewall providing NAT services.


  8. Ron E
    October 30, 2017 @ 2:02 pm

    Hi Rolf,

    My node is registered and up, but states my cert isn’t valid. The node says otherwise when running a zen-cli getnetworkinfo:

    “version”: 2001050,
    “subversion”: “/zen:2.0.10/”,
    “protocolversion”: 170002,
    “localservices”: “0000000000000001”,
    “timeoffset”: 0,
    “connections”: 8,
    “tls_cert_verified”: true,


    • Ron E
      October 30, 2017 @ 2:42 pm

      Actually it was a firewall rule missing. I’m all good now.


      • Rolf
        October 30, 2017 @ 10:44 pm



  9. min
    October 31, 2017 @ 5:18 am

    Thanks for this write up! Im getting “Error: Unable to start HTTP server. See debug log for details.” … how do I view log for zend?
    “/../include/boost/thread/pthread/mutex.hpp:111: boost::mutex::~mutex(): Assertion `!res’ failed.”
    If anyone has any tips


  10. Gab
    October 31, 2017 @ 5:28 pm

    When I paste your text in the configuration file (~/.zen/zen.conf) I get an error :

    Error reading configuration file: the options configuration file contains an invalid line ‘cat < ~/.zen/zen.conf’

    Can I go ahead and remove the cat <<EOF… and the EOF line at the end ?

    What are those lines for ?

    Thank you very much for your guide!


    • Rolf
      October 31, 2017 @ 5:33 pm

      That block of text is designed to be pasted directly into the command line.

      It will create the correct file and fill it with the right information without you having to open a text editor at all. Go ahead and give it a try and I think you will like it.


  11. Johnny Tutturo
    November 1, 2017 @ 4:47 am

    Hi, awesome write-up. I need help configuring the conf file for testnet. I am getting the following error:

    [email protected]:~/zencash/zen$ ~/.zen/zen.conf
    -bash: /home/blockops/.zen/zen.conf: Permission denied


    • Rolf
      November 2, 2017 @ 8:48 pm

      edit the file the in ~/.zen/zen.conf and remove the # in front of the `testnet` word


  12. erbobby
    November 1, 2017 @ 6:41 am

    Hey man great guide!, I just have a couple of questions, maybe they are to obvious and I haven’t understood clearly.

    I wanted to run the node first without testnet, since I don’t have the 50 testnet Zencash yet, if this possible, or testnet is mandatory?.

    The other question is how the node will the the T_Address of the wallet where the 42 Zen are stacked, after sending the 1 Zen transactions split x5? Thanks man


    • Rolf
      November 2, 2017 @ 8:47 pm

      yes you can run it without testnet. Should run just fine. Tracker won’t work, but the node will.

      Definitely send the funds to the Z_address first, because the change gets send to a different T_address on your wallet


      • erbobby
        November 3, 2017 @ 12:15 am

        Hey man, thanks for the reply, I still don’t know if I’m getting it. I just want to be sure of something, I have real ZenCash, I don’t remember where I read that I shouldn’t send real ZenCash to the node. So I haven’t done the part where I have to send 1 zen split in 5 transactions. So that’s why I was asking if it was ok to do this part with real Zen and not tesnet ZEN and run the node without testnet mode.

        If the tracker won’t work, it is still qualify as a secure node to receive payments? Also I haven’t seen where to configure the T_Address (where the 42 ZENs are) to get the rewards, it is when I run the node setup.js command?. Thanks again.


      • Wayne
        November 25, 2017 @ 11:15 am


        Same problem as @erbobby here.

        Where to set the staking address?

        It seems like we only put the T-Address when we using the tracker, so the T-address is the address where we put our 42 ZEN in?

        If so, I still didn’t find any information for staking address when we don’t run on the testnet.

        I don’t know how to solve this problem, plz help or just point out where I can get such information.

        Thank you very much!


        • Wayne
          November 27, 2017 @ 1:16 am

          It looks like we set the staking address via securenode tracker.

          So if the mainnet is on, the securenode tracker will be updated too?

          Because for now, the tracker is only support testnet

          The process of this article is still persistent when the mainnet is on? Or we have to change something? ( except testnet=1 => #testnet=1 ha)


  13. Speedy
    November 1, 2017 @ 12:12 pm

    Time window for lunch of sec nodes on main net?


    • Rolf
      November 2, 2017 @ 8:45 pm

      should move beta testing to mainnet week of Nov 1, then launch hopefully before Nov 15


  14. Rolf
    November 2, 2017 @ 8:25 pm

    Here was the original /etc/monit/monitrc copy and paste command. It confused many people, so I changed it in the guide to just file editing. I still like this version:

    sudo su -
    echo $USER1
    cat < > /etc/monit/monitrc
    ### added on setup for zend
    set httpd port 2812
    use address localhost # only accept connection from localhost 
    allow localhost # allow localhost to connect to the server
    ### zend process control
    check process zend with pidfile /home/$USER1/.zen/zen_node.pid
    start program = "/home/$USER1/zen_node.sh start" with timeout 60 seconds
    stop program = "/home/$USER1/zen_node.sh stop"


  15. SemElVik
    November 2, 2017 @ 9:31 pm

    what could be the problem?
    “version”: 2001050,
    “subversion”: “/zen:2.0.10/”,
    “protocolversion”: 170002,
    “localservices”: “00000000000000001”,
    “timeoffset”: 0,
    “connections”: 10,
    “tls_cert_verified”: true,
    “networks”: [
    “name”: “ipv4”,
    “limited”: false,
    “reachable”: true,
    “proxy”: “”,
    “proxy_randomize_credentials”: false
    “name”: “ipv6”,
    “limited”: false,
    “reachable”: true,
    “proxy”: “”,
    “proxy_randomize_credentials”: false
    “name”: “onion”,
    “limited”: true,
    “reachable”: false,
    “proxy”: “”,
    “proxy_randomize_credentials”: false


    • Rolf
      November 3, 2017 @ 7:54 am

      if you want the comment to display properly, use the pre and /pre html tags before and after the output.

      Nothing looks wrong with the information you posted. Looks like you set up the TLS certificate properly.


  16. Jerry D
    November 3, 2017 @ 3:56 pm

    I’ve tried to run all the steps manually and a couple other install scripts and I keep getting the following error:

    checking for exit in -lboost_system-mt… no
    configure: error: Could not link against boost_system-mt !

    Any idea’s on how to get past this would be appreciated.


  17. erbobby
    November 4, 2017 @ 12:41 am

    This is what I get running the setup without testnet. I already have 1 real ZEN on the Z_address on the node. If I switch to testnet I will loose the ZEN I have there?

    Retrieving zen rpc config….
    This version should only be run on testnet. Please reconfigure zen.conf with testnet=1
    [email protected]:~/zencash/secnodetracker$

    zen-cli z_gettotalbalance
    “transparent”: “0.00”,
    “private”: “1.00”,
    “total”: “1.00”


    • Rolf
      November 13, 2017 @ 12:23 am

      you would not lose any ZEN if you switch to testnet. Probably would not hurt to copy your wallet.dat to your PC though.


  18. Hugh
    November 5, 2017 @ 4:49 am

    Hi Rolf,

    Thanks so much for this, I think I’m up and running on test!

    Will let us know or provide a quick tutorial on swapping over to mainnet when ready?
    Do we just start on this tutorial again from where ‘Configure Secure Node Requirements’ start, but with mainnet in mind. exactly the same steps to the end?

    thanks again, learnt a heap from you!


    • Rolf
      November 13, 2017 @ 12:24 am

      Glad it helped! Yes, there will be guidance on moving to mainnet.


  19. kevy
    November 7, 2017 @ 8:03 pm

    Hi Rolf, thanks for the tutorial, i managed to run my secure node.

    Question, if we finally move to mainnet, are these the actions we need to make?

    1. Re-run node setup.js with the real T_ADDRESS
    2. comment out #testnet=1 in the zen config file
    3. restart


  20. BIGmike
    November 8, 2017 @ 3:51 am

    Why exactly shouldn’t one be root when setting up the VPS?
    Seems weird to add another user and annoyingly use sudo for everything. This is a fresh box, so what’s the big deal? Even if you screw it up, just blow it away and start it again.

    Am I missing something? I mean, *maybe* it’s bad practice versus typing sudo a million times? I guess what I’m asking is whether it inherently compromises the secure node by setting it up as root?


  21. Todd S
    November 8, 2017 @ 9:03 am

    Hey Rolf! Great guide here!

    I’m at a sticking point tho. When I get to the part where we create the certificate, I get this error towards the end of the process:

    :Verify error:DNS problem: NXDOMAIN looking up A for

    I can ping my domain so I know its there, and it does give the CA, but I can’t get it to verify.

    Any thoughts


    • Hugh
      November 10, 2017 @ 8:32 am

      I am miles away from an expert but I had the same issue and this fixed it.

      Make sure you have two A records for the IP. One with an @ as the host and one with the name
      A Record @ 123.45.678
      A Record Znode 123.45.678


  22. BIGmike
    November 8, 2017 @ 5:56 pm

    I get this error when I enable testnet:

    Error: Unable to start HTTP server. See debug log for details.
    zend: scheduler.cpp:19: CScheduler::~CScheduler(): Assertion `nThreadsServicingQueue == 0′ failed

    no vomit when commented out.


    • BIGmike
      November 8, 2017 @ 6:06 pm

      hmm, rebooted and seems fine. connects fine. Anyone else get a problem like the above?


  23. BIGmike
    November 8, 2017 @ 6:21 pm

    For the swing wallet does ~/.zen/zen.conf override the zen.conf that is in the ~/Library/Application\ Support/Zen/ directory?


    • Rolf
      November 13, 2017 @ 12:24 am

      yes, it does. The only config that counts is the on in ~/.zen/


  24. rex
    November 8, 2017 @ 8:37 pm

    I’m sorry I am new at this. May I ask, What are the benefits in having your own secure node?


    • Rolf
      November 13, 2017 @ 12:25 am

      you will get paid in ZEN for running a Secure Node when it launches..


  25. Joseph Seal
    November 10, 2017 @ 8:50 pm

    What is the procedure to shut down a secure node and retrieve your staked coin?


    • Rolf
      November 13, 2017 @ 12:25 am

      just send them wherever you want whenever you want. Nothing is locked up


  26. Rewjay
    November 11, 2017 @ 11:50 am

    Tryin’ to install the acme sertificate and got this:
    “rewjay.xyz:Verify error:Fetching http://rewjay.xyz/.well-known/acme-challenge/bWuixcF6zrjY2jRV6EUqHb5wIWJ03wBzjeGNYdfiF0Y: Timeout
    [Сб ноя 11 19:30:16 MSK 2017] Please add ‘–debug’ or ‘–log’ to check more details.
    [Сб ноя 11 19:30:16 MSK 2017] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
    When I add a –debug key to “sudo ~/.acme.sh/acme.sh –issue –standalone -d $FQDN” I see that it’s Wget returns an error code 6 – wrong auth
    What could it be?
    I’ve been so far away from linux and almost all IT about 8 years, sorry if it is a dumb question


    • Harri
      December 6, 2017 @ 11:25 am

      Hi Rewjay,
      Do you have fix for this error yet ? i also meet issue same as you.


  27. Sohail Ishaque
    November 12, 2017 @ 5:17 am

    Hi.. i have been trying to install zencash node and i m following ur tutorial step by stey..

    But when i run the commance

    sudo apt-get install zen # to install zen
    Reading package lists… Done
    Building dependency tree
    Reading state information… Done
    Package zen is not available, but is referred to by another package.
    This may mean that the package is missing, has been obsoleted, or
    is only available from another source

    E: Package ‘zen’ has no installation candidate


    • Rolf
      November 13, 2017 @ 12:26 am

      try the commands again one at a time, answering yes if you need to


      • Sohail Ishaque
        November 14, 2017 @ 10:25 am

        it still dont work.. can u check my system ? i can provide u with the credentials and what mistake i m making,.. would b really great of u ?

        also i m using ubuntu 17.04 ?can it b a problem also ?


    • Jamie Jensen
      February 9, 2018 @ 4:48 pm

      I also received this error. I resolved the error by using the 64-bit version of Ubuntu. When I was downloading Ubuntu the 64-bit option said it was for AMD processors but I had an Intel processor. I later found out the though it says AMD only it also works on Intel.


  28. Yura
    November 16, 2017 @ 1:59 am

    What Linode VPS configuration to choose for running the secure node?


  29. SquigglyBear
    November 20, 2017 @ 4:27 pm

    Thanks for the tutorial, very helpful. I am getting an error with Lets Encrypt. Pretty sure I just don’t know what I’m doing. Does anyone have a tutorial to send on setting that up? Basically, when I enter:

    sudo ~/.acme.sh/acme.sh –issue –standalone -d $FQDN

    I get the error message:

    new-authz error: {“type”:”urn:acme:error:malformed”,”detail”:”Error creating new authz :: DNS name does not have enough labels”,”status”: 400}

    I don’t think I even properly setup the domain or any of that though. Any help would be greatly appreciated! Will donate Zen!


  30. Mike Moskowitz
    November 22, 2017 @ 11:40 am

    I get this when I try and start zend

    You need to rebuild the database using -reindex to change -txindex.
    Please restart with -reindex to recover.
    zend: /home/cronic/Downloads/src/my_projects/zencashofficial_release_linux/depends/x86_64-unknown-linux-gnu/share/../include/boost/thread/pthread/condition_variable_fwd.hpp:102: boost::condition_variable::~condition_variable(): Assertion `!ret’ failed.


  31. Joey
    November 27, 2017 @ 8:36 pm

    Is there a email list to get notified when main net goes live? Also is there any instructions for switching testnet nodes over to main net?


  32. andrej
    November 28, 2017 @ 9:55 am

    could you make a cronjob to empty the cache. we’ve got a problem with the increasing challenge time.


  33. Wie man eine ZenCash Secure Node erstellt und bedient – vollständiger Leitfaden! – ZenCash Blog
    November 29, 2017 @ 12:09 pm

    […] englische Original kann unter KLICK aufgerufen werden. Falls Ihr Anmerkungen/Verbesserungen habt schreibt am besten Tross und mich im […]


  34. vrypan
    December 1, 2017 @ 1:47 am

    Great job! I suggest you put the instructions on github so that people can suggest improvements or changes in an easy to manage way.


    • Rolf
      December 27, 2017 @ 6:41 pm

      now that is a great idea! I will see if I can do that soon


  35. Giedrius
    December 1, 2017 @ 10:38 am

    I got a problem sending ZEN coins from transparent wallet zndNd5xvPBJ… to shielded vallet zcdVSzr7UJKj…
    zen-cli say “Accounts is unsupported”


    • Giedrius
      December 4, 2017 @ 11:58 am

      I got node running, but it keeps stopping. I guess it’d because of only 1GB RAM, myn VPS not let me adjust Swap size. Now I want to transfer this 1 ZEN to another Secure Node wallet, but zend crashes as soon as I enter this command:
      zen-cli z_sendmany “zc_address_old_node” “[{\”amount\”: 0.001, \”address\”: \”zc_address_new_node\”}]”
      it give opid, but funds stay in old wallet.


  36. dora
    December 2, 2017 @ 1:55 am

    I had got it work and online.
    May I send 1.2498Zen from Z_address to other wallet?
    Is secure node keep valid if send money to other wallet?
    How to send zen from Z_address ?


  37. Junior Pham
    December 4, 2017 @ 10:11 pm

    Thanks for putting this guide together! Very helpful! I’m using DigitalOcean and trying to set this up as instructed, but have come across an issue when installing the Lets Encrypt certificate.

    I’m stuck here where we input the following:

    echo ” is $USER”
    echo ” is $FQDN”
    sudo cp /home/$USER/.acme.sh/$FQDN/ca.cer /usr/share/ca-certificates/ca.crt
    sudo dpkg-reconfigure ca-certificates

    Once I enter that into terminal, this is what I’m getting:

    [email protected]:~#
    [email protected]:~#
    [email protected]:~# sudo crontab -e
    crontab: installing new crontab
    [email protected]:~# FQDN=mydomain.com
    [email protected]:~# echo “root is $USER”
    root is root
    [email protected]:~# echo “mydomain is $FQDN”
    mydomain.com is mydomain.com
    [email protected]:~# sudo cp /home/$USER/.acme.sh/$FQDN/ca.cer /usr/share/ca-certificates/ca.crt
    cp: cannot stat ‘/home/root/.acme.sh/mydomain.com/ca.cer’: No such file or directory
    [email protected]:~# sudo dpkg-reconfigure ca-certificates

    On the next step, when I paste this in..

    zen-cli stop
    cat <> ~/.zen/zen.conf

    It’s returning this..

    Zen server starting
    [email protected]:~# Error: Cannot find TLS key file: ‘/home/root/.acme.sh/mydomain.com/mydomain.com.key’

    Any thoughts? Greatly appreciated!


  38. Bilal
    December 6, 2017 @ 12:08 am

    Dear Rolf,
    While putting the instructions together and sharing is a great idea, the instructions themselves are poor and do not produce repeatable results and require end user troubleshooting to check.
    a) instructions should include the full directory paths and not just a “cd” – often i was getting lost and having to trace back which directory I should be in.
    b) Part 3 claims to be a consolidation of part 1 & 2, but this isn’t the case; there are many other steps and setups that would be missed if only a part 3 was completed. There is then some mix and match required between part 2 & 3 in order to wrestle with it and try to get a working config.

    I’m currently going through iterations of builds trying to get my own set of instructions, serially without having to repeat steps.


    • Mark
      December 26, 2017 @ 2:37 am

      Would you be able to share your set of instructions? I’m a complete newbie!


  39. Bilal
    December 6, 2017 @ 1:11 am

    hmm okay; for tls_cert_verified = false;

    1) delete the /home//acme.sh & /home//.acme.sh
    2) re-download the scripts and issue the FQDN certificates.
    3) if you have re-created the certificate or re-running thru the config, make sure you untick the ca.crt in “sudo dpkg-reconfigure ca-certificates” save, then re-copy the ca.crt file, then re-enter the “sudo dpkg-reconfigure ca-certificates” and tick. This seems to have changed the tls_cert_verified from false to true




  40. John
    December 6, 2017 @ 2:45 am

    When I run sudo ~/.acme.sh/acme.sh –issue –standalone -d $FQDN

    It starts to work and then spits out

    znode.zencash.fun:Verify error:Invalid response from http://znode.zencash.fun/.well-known/acme-challenge/P2LRgxnKeZPn9PRqE5Jg9bQOcMTLLZH_Ruar81ZoSak:

    pinging the A Certificate works for me though. Not sure where to go from here


  41. Harri
    December 6, 2017 @ 10:09 am

    I run command : acme.sh to issue the cert but the verify process meet some erro Time out. Anyone have solution for this. Great appreciate.

    [email protected]:~$ sudo .acme.sh/acme.sh –issue –standalone -d znode.fab.com.vn
    [Wed Dec 6 09:41:50 EST 2017] Standalone mode.
    [Wed Dec 6 09:41:50 EST 2017] Single domain=’znode.fab.com.vn’
    [Wed Dec 6 09:41:50 EST 2017] Getting domain auth token for each domain
    [Wed Dec 6 09:41:50 EST 2017] Getting webroot for domain=’znode.fab.com.vn’
    [Wed Dec 6 09:41:50 EST 2017] Getting new-authz for domain=’znode.fab.com.vn’
    [Wed Dec 6 09:41:52 EST 2017] The new-authz request is ok.
    [Wed Dec 6 09:41:52 EST 2017] Verifying:znode.fab.com.vn
    [Wed Dec 6 09:41:52 EST 2017] Standalone mode server
    [Wed Dec 6 09:41:56 EST 2017] Pending
    [Wed Dec 6 09:41:58 EST 2017] Pending
    [Wed Dec 6 09:42:01 EST 2017] znode.fab.com.vn:Verify error:Fetching http://znode.fab.com.vn/.well-known/acme-challenge/WRLvvG4T51HZLrwSRI19NaLFbM1G5aDwYWh7aL9Uhpk: Timeout
    [Wed Dec 6 09:42:01 EST 2017] Please add ‘–debug’ or ‘–log’ to check more details.
    [Wed Dec 6 09:42:01 EST 2017] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh


  42. Alex
    December 7, 2017 @ 8:25 am

    Hi Rolf,

    Complements on a great guide. I’ve been following along with no issues until I got to the part about needing some testnet ZEN. I’ve posted a request on Discord #securenodes, but 24hrs later no test ZEN on my wallet.
    zthuPtomHGRdEuWzcKLxvdJr74GxYUjVTPh Any ideas how long it takes to get some.

    Thank You


  43. paul
    December 7, 2017 @ 6:05 pm

    Hi Rolf. Fair play trying to put a guide together but jeez they’re hard to follow. I work in IT for last 30 year and this is pretty bad.

    Hey I do this for a living – if you want me to help tidy up the instuctions. (Hint – absolute pathnames when cd, and properly editing files.


  44. paul
    December 9, 2017 @ 5:27 pm

    To be honest, I was quite excited about zencash and the idea of being part of a managed node network. Great I thought something to be involved.

    Alas, I fear its going to end in tears because hardly anyone is going to be able to get a node running based on these instructions. Also, to be honest, it just looks very very very bad indeed.

    I’m a IT consultant of almost 30 years standing. Worked on hpux, solaris, linux, windows, in telcoms, defence, public sector etc etc. Been there done it. Not an expert but I know a bit.

    I’ve spent hours getting this to work on the test network and to be honest, I’ve given up. Its that bad.

    Honestly, Rolf, I know I’m not the only one saying this. Great idea and you like a really clever guy but please get someone to help you with the documentation. At the moment, zencash is a non-runner in my eyes because of this poor documentation.


    • Bilal
      December 11, 2017 @ 10:49 pm

      hey Paul – email me and i’ll send you step by step list 😉


      • coindust
        December 13, 2017 @ 12:29 pm

        Hey Bilal, they are not on testnet anymore.


    • Rolf
      December 27, 2017 @ 6:35 pm

      Paul, sorry to hear that. It would be great if someone wrote a better guide. These instructions seem to work for at least a few people though, so I will leave them here.


  45. coindust
    December 13, 2017 @ 12:26 pm

    First of all, awesome guide ROLF! I’ve been building nodes for the past 6 months and this one was the most fun and free of issues. I had some cert issues but, was able to get past them. Now, my node is up and registered and running but I want to automate some tasks. I went through the monit guide but I’m getting a problem in that when I reboot, the zend service does not automatically start.

    After some troubleshooting, I believe it is because I’m not using the sudo command in front of the zend command in the script. I’ve tried to figure out how to run it but everything I see suggests not using sudo inside the script. I guess it could be something with my user as well but its in the sudo group.

    Here is the line from the zen_node.sh script I’m talking about.

    eval “/bin/su -c ‘/usr/bin/zend 2>&1 >> /dev/null'”

    Any ideas on what I do to get this to work?

    Thanks in advance!


    • andrew
      January 15, 2018 @ 8:29 pm


      Thanks for the guide, Rolf!

      coindust I am having the same problem with zend not automatically restarting. Were you able to solve it?

      Let me know,


  46. coindust
    December 13, 2017 @ 12:27 pm

    In the actual command, I do have my user in there…


  47. Luka
    December 15, 2017 @ 9:08 am

    I have an issue with the secnodetracker, it seems to identify my certificate as invalid or cant access it? I have checked if certificate is valid and till when – its till 02/18. I also added the http and https rules to the firewall and the router and its still not working. Any idea what to do or how to check whats wrong?


  48. Wiliam
    December 19, 2017 @ 4:17 pm

    I’m new to all this and I managed to configure thee secure node up to the point of getting my wallet to testnet and I noticed the ZenCash Slack or Discord either don’t exist or I need an invite.

    Basically I need someone to send me 50 testnet Zencash so I can test my server.


    Any help would be awesome.



    • Rolf
      December 27, 2017 @ 6:11 pm

      sorry for the delay in reply. You don’t need to do testnet anymore, and here is a link to Discord https://discord.gg/SuaMBTb


  49. gbc
    December 21, 2017 @ 2:51 am

    Getting this error.

    This version should only be run on mainnet. Please reconfigure zen.conf and remove or comment ‘#testnet=1’


    • Rolf
      December 27, 2017 @ 6:08 pm

      guide updated for mainnet only


  50. Mark
    December 26, 2017 @ 2:32 am


    I’m really interested in setting up a secure node and being part of the ZenCash community. Before I do, I am a complete newbie and I know absolutely no code (the above is absolute gibberish to me). Is this going to work for me and is there any support out there for a newb getting stuck?



    • Wiliam
      December 26, 2017 @ 11:16 am

      I wouldn’t do this Mark if I was you, the instructions are not perfect so you will need to be able to troubleshoot when things goes sideways and you need to be able to administer your own Linux server. So if you do not know how to do that then avoid this at all cost.

      Support wise there is none that I noticed so far, slack community is shutdown discord you need to be invited but I haven’t found out how to.

      For me and another mate we are both sysadmins so when we set this up and had problems we bounced ideas between ourselves to figure out the problems.


      • Mark
        December 27, 2017 @ 3:10 am

        Thanks, that sounds like good advice to me, I’ll give it a miss. Slightly concerning for the future of the project though if there is no support for running the nodes!



  51. Rolf
    December 27, 2017 @ 6:07 pm

    Here is a link to the Discord that should work. Lots of support in the #securenodes channel https://discord.gg/SuaMBTb


  52. Help Me
    December 30, 2017 @ 4:56 pm

    Error: Cannot find TLS key file: ‘/home/gdr/.acme.sh/fff.xyz/fff.xyz.key’
    what am i doing wrong?


  53. ZenCash セキュアノード構築(1):VPSの準備 – ZenCash Blog
    January 1, 2018 @ 2:49 am

    […] 3 まであります。パート 1  およびパート 2 の内容は全てパート 3 で説明されていますので、サーバー構築の経験が豊富な方はパート 3 […]


  54. ZenCash安全结点安装指南-飞扬阅读
    January 1, 2018 @ 9:08 am

    […] How to Build and Operate a ZenCash Secure Node – Complete Guide […]


  55. Erik
    January 1, 2018 @ 12:08 pm

    How would you get newly mined coins off your node?


  56. FM
    January 2, 2018 @ 1:36 am

    Can I not using port 80? My ISP blocks port 80.


  57. ken
    January 2, 2018 @ 9:00 am

    how can i swap testnet to mainnet? do i need to re-set up everything?


  58. Darkwinde
    January 2, 2018 @ 9:20 pm

    Takes quite a long time to figure out that the guide misses 2 things.

    1) After command “sudo apt install monit” you need to start monit in daemon mode by “sudo monit”

    2) Changes in file “/etc/monit/monitrc” missing the parameter “and”, so has to look like:
    set httpd port 2812 and
    use address localhost # only accept connection from localhost
    allow localhost # allow localhost to connect to the server an


    In addition I have a question according to the required “”:
    It is mentioned that this address should be created by the swing wallet and the 42 Zen have to be send to this transparent address.

    Am I right, that the “” could be any created transparent address, not only the one of the node itself (figure out by: zen-cli listaddresses)?
    This means on the node I have a balance of private funds of 1 Zen and on my e.g. windowns client machine with full synced chain the 42 Zen, right?

    zen-cli z_gettotalbalance
    “transparent”: “0.00”,
    “private”: “1.0096”,
    “total”: “1.0096”

    Windows client:
    E:\Zen\app>zen-cli z_gettotalbalance
    “transparent”: “42.00000001”,
    “private”: “0.00”,
    “total”: “42.00000001”

    Or have the 42 Zen also be on the node to get a total of ~43 Zen?


  59. Nick
    January 4, 2018 @ 11:22 pm

    sudo ~/.acme.sh/acme.sh –issue –standalone -d $FQDN gives me the following error:

    LISTEN 0 0 :::80 :::* users:((“apache2”,pid=30239,fd=4),(“apache2”,pid=25481,fd=4))
    [Thu Jan 4 23:19:41 EST 2018] tcp port 80 is already used by 80
    [Thu Jan 4 23:19:41 EST 2018] Please stop it first
    [Thu Jan 4 23:19:41 EST 2018] _on_before_issue.


  60. Sharif
    January 7, 2018 @ 6:20 pm

    do I need to add the certificate or is it okay to skip that part?


  61. Pete
    January 7, 2018 @ 9:49 pm

    thank you for the great guide, my server is up, but the node tracker website tells me my cert. failed because hostname EXample.example does not match CN example.example, how do I correct this.


  62. John
    January 9, 2018 @ 3:09 am

    Hello All,

    I could launch the node but I have one question… weird certainly !

    I have sent one zen on this node on a z adress and now I’m wondering how I’ll retrieve this if I want to migrate on another VPS by example, is there any command to use to send it to my private zen adress ?

    Thanks a lot !


  63. ZenCash セキュアノード設定 (1) : VPSの準備 – ZenCash Blog
    January 11, 2018 @ 7:22 pm

    […] 3 まであります。パート 1  およびパート 2 の内容は全てパート 3 で説明されていますので、サーバー構築の経験が豊富な方はパート 3 […]


  64. Earning Free ZenCash W/ Zen Secure Nodes & ZenCash Faucet – GetZen.Cash – iCash – Want Cash? Learn here what to do
    January 16, 2018 @ 5:04 pm

    […] How to build and operate a ZenCash Secure Node https://blockoperations.com/how-to-build-and-operate-a-zencash-secure-node/ Official ZenCash Website […]


  65. Richard
    January 21, 2018 @ 5:40 pm

    Hi, I followed the instructions and after a couple days my Z_ADDR was depleted of the 1 Zencash coin that I sent it. I don’t have any money in the transparent and my zencash swing wallet hasn’t received any deposits. Is this normal? Has this happened to anyone else? Can I get that 1 Zencash coin back?


    • Julian
      January 23, 2018 @ 11:34 pm

      Hello Richard,

      An answer to your question may be in the ZenCash discord group.

      – On the other hand, I wanted to ask you something in particular and it’s the following:
        * the address T_ADDR can be any address?
        * How do I know that my node is synchronized?
        * Does T_ADDR have to be a new address?
        * T_ADDR must not have transactions?
        * My master node appears in the online tracker, I also have the balance of 1.1 ZEN in the masternode’s
      armored address.

        Thank you!!


  66. zheng
    January 30, 2018 @ 5:12 am


    I have formatted my VPS and lost my SSL certificate accidentally.now i can not apply for the same certificate again, but my VPS ip address has been registered on the https://securenodes.sea.zensystem.io/.Can i unregister my VPS ip?


    • Julian
      February 2, 2018 @ 9:36 am

      You need reinstall all and register again the node with the tracker.


  67. Juan Pena
    January 31, 2018 @ 6:07 pm

    Hi Rolf

    Can i modify the swap memory even if my node is up and running?

    Tanks In Advance for such a great tutorial



    • Julian
      February 2, 2018 @ 9:33 am

      You can update this in the control panel of node. Set Resize.
      You need to pay more for this.

      Saludos (Y)


      • Juan Pena
        February 4, 2018 @ 10:42 am

        Gracias Julian!! En efecto tuve que pagar mas !!!



      • Juan Pena
        February 15, 2018 @ 8:29 pm

        Hola Julian

        Ya tengo mi primer nodo operando y produciendo. Sin embargo hace unos dias cree un segundo nodo en google cloud services. El nodo opera super. Esta up, sin embargo tengo problemas con la validación del certificado en el tracker. He reinstalado, cambiado dominio, y pues al verificar con zen-cli getnetworkinfo, el certificado tls esta marcado como true. Sin embargo no me lo valida el tracker. me sale el siguiente mensaje “Cert Valid: false No peers found yet with connections to this node.” He probado mil cosas, reinstalado letsencrypt, pero no logro conexion. He revisado el firewall el puerto 9033 aparentemente esta abierdo pero nada sigo sin poder validar el certificado. Tendras alguna idea al respecto?

        Gracias de Antemano


        Gracias de antemano


  68. Zencash Secure Full Node requires $1800 Investment – TDSheridan Lab
    February 9, 2018 @ 11:36 pm

    […] a complete guide to properly deploy a Secure Full Node on Linux and found a very complete guide on BlockOperations. BlockOperations goes through all the options for hosting and sizing […]


  69. Securenode: Guide complet d’installation et de configuration – ZenCash Blog
    February 13, 2018 @ 8:01 pm

    […] Ce tutoriel est une traduction du tutoriel original de ROLF et qui est disponible ICI […]


Leave a Reply

Your email address will not be published. Required fields are marked *