Nostr Sovrn
Independent identifiers
Stand out and walk tall with a self-hosted Nostr address. One address for your profile, Lightning wallet and email.
sovereign@nostrich.com username@yourdomain.com odell@werunbtc.com fiatjaf@fiatjaf.com shadowy@supercoder.com dergigi@dergigi.com jack@moscowtime.com wiz@mempool.space jb55@jb55.com saylor@nosecondbest.com utxo@nodeless.io carla@toxicmaxi.com nostreport@nostr.report bitcoin@psychopath.com nvk@nvk.org andreneves@zbd.ai up@foreverlaura.com lukedashjr@dashjr.org preston@holycow.com satsie@satsie.dev foss@forthekids.com walker@papanostrich.com
Introduction
As is true for Bitcoiners, Nostriches should strive to be as self-reliant as possible to minimize dependency and to preserve the integrity and resilience of the Nostr network. That said, it can be challenging to do so. Nostr Sovrn simplifies the process of setting up a privately controlled, censorship-resistant NIP-05 identifier/Nostr address.
There are two ways to set up your independent identifier. You can either do it yourself using the free setup guide below or you can make a donation and have us do it for you. Either way, the end result will be the same: A self-hosted Nostr address that only you control, with a matching Lightning and email address.
Setup service
Hassle-free option
The Sovereign option will give you full, exclusive control of your domain, web server account, identifier files and SSL certificate. You’ll have a truly independent, self-hosted Nostr identifier that you can also use as a Lightning and email address. Please note that apart from the setup service donation, you will have to cover your domain and web server costs (unless you already have a domain and server access). If you use the hosting provider we recommend (Namecheap), it will cost you only $21 with a .com domain.
With the Semi-Sovereign option, your identifier files and SSL certificate will be hosted/managed on our server. You will still have complete ownership and control of your identifier domain but because the functionality of your identifier will partially rely on us, you will not have a fully independent identifier. However, you still have the option to host your identifier files elsewhere at any time (without needing our approval), so you’re never fully dependent on us. In fact, the Semi-Sovereign option is intended as a step towards full sovereignty and we’re happy to help you get there once you’re ready. Please note that apart from the setup service donation, you will have to cover the cost of your domain (unless you already own one), which you can get for as little as $0.99.
Sovereign
Files and SSL hosted on your own server-
We'll take care of everything, you just relax :)
-
Complete ownership/control of your domain
-
Includes free domain registration assistance
-
Complete control of your web server account
-
Includes a domain-validated SSL certificate
-
Includes Bitcoin Lightning address forwarding
-
Includes an identifer-matching email address
-
You'll support various orange pilling projects
-
You get a free BitcoinNostr.com profile page
-
You'll be added to the Bitcoin Nostr directory
-
Completely anonymous (if you want it to be)
-
Domain/server costs not included ($15-23)
To order this service, submit your Nostr pubkey here:
Semi-Sovereign
Files and SSL hosted on the Bitcoin Nostr server-
We'll take care of everything, you just relax :)
-
Complete ownership/control of your domain
-
Domain registration assistance (+3000 sats)
-
Includes free usage of a reliable web server
-
Includes a domain-validated SSL certificate
-
Includes Bitcoin Lightning address forwarding
-
You'll support various orange pilling projects
-
You get a free BitcoinNostr.com profile page
-
You'll be added to the Bitcoin Nostr directory
-
Completely anonymous (if you want it to be)
-
Does not include the cost of a domain ($2-6)
To order this service, submit your Nostr pubkey here:
Setup guide
Free option
This detailed, step-by-step guide will show you how to set up a privately controlled Nostr identifier. You’ll learn how to: select and register a domain, gain access to a web server, configure the necessary identifier files, obtain and install an SSL certificate and finally, how to update your Nostr profile. In addition, you’ll learn how to set up a Lightning forwarding address and an email address that are both identical to your Nostr identifier. Nostr identifiers look exactly like email addresses and in this guide, we’ll use nostrich@nostrsovrn.com as an example.
Please note: We recommend using this guide on a desktop or laptop computer, as it would be difficult to complete certain steps on a mobile device. Depending on your technical skill level and experience, it will take somewhere between 45-75 minutes to complete all nine steps.
Important: You can use virtually any hosting provider/web server to set up your identifier. The setup process will be largely identical, regardless of which one you decide to use. If anything were to happen to your hosting account, you could simply return to this guide and set up your identifier on a different server. For this guide, we used Namecheap, a leading hosting provider that accepts Bitcoin payments and offers low-cost hosting plans and free domain privacy protection. With these benefits, you have the option to set up your identifier securely and anonymously at a very low price.
Let’s begin the setup process by selecting a domain (if you already own a domain, skip to Step 3). There are a few things to consider:
1. Top-level domain (TLD)
The top-level domain is the final component of your identifier. Some commonly used and trusted TLDs are .com, .net, and .org but there are thousands of TLDs to choose from. The TLD of the example identifier is .com.
2. Second-level domain (SLD)
The second-level domain is the unique and defining component of your identifier. You can think of it as a small piece of Internet "real estate" that you own and control. The SLD of the example identifier is nostrsovrn.
3. Username
A username is the first component of your identifier. Unlike TLDs and SLDs, which are static and unchangeable, usernames can be created, altered and deleted and there is no limit to the amount of usernames you can create. The username of the example identifier is nostrich.
4. Cost
For the vast majority of TLDs (top-level domains), you will have to pay an annual registration fee ranging between $2 to $20. Cheaper and/or less commonly used TLDs may be appealing but please be aware that many such TLDs are associated with spam and are not considered to be as trustworthy as older, more familiar TLDs such as .com, .net, and .org.
Now that you're aware of these considerations, continue with Step 2: Domain registration.
It’s time to register your domain. As mentioned in Step 1, we used Namecheap to register the domain for the example identifier. To register yours, go to namecheap.com (or your preferred hosting provider) and follow these instructions:
1. You should start by creating a Namecheap account. Simply click on the 'SIGN UP' link (in the toolbar at the top of the page) and fill out the sign-up form. It's up to you what information to enter into the registration form but be aware that there's no KYC or ID process for Namecheap account registrations. In any case, be sure to use an email address that you have access to. When you're ready, click on the 'Create Account and Continue' button.
2. Once you're account has been created, you'll be taken to your account dashboard. There, use the search box to see whether your desired domain is still available.
3. If the domain is still available, click on the 'Add to cart' button and then on the red 'Checkout' button.
4. (Skip this step if your domain was available.)
If your desired domain is no longer available, you have two options: You can either think of a different SLD for your identifier or you scroll down the page and select a different TLD. You can use the 'Beast Mode' tab to quickly and easily search hundreds of TLDs.
5. On the shopping cart page, you will see a summary of your domain order. Be sure to double-check the domain name and also ensure that the free 'Domain Privacy' feature is set to 'ENABLE' (you do not have to enable 'PremiumDNS').
6. If you're registering a .com domain, type 'NEWCOM598' into the 'Promo Code' field (and click on the 'Apply' button) to get a big discount on your domain registration fee. If you're registering a different TLD, go to this page to find other discount codes. If there are none available for your TLD, try using the code 'COUPONFCNC'.
7. If you'd like to pay with Bitcoin, go to this page to top up your account funds with a Bitcoin payment. Please note that Lightning payments are currently only accepted through bitpay. Check your cart (in the toolbar) for your order total, enter that exact amount into the 'Amount to Add' field and click on the 'Add Funds' button. Now pay the Bitcoin invoice.
8. Your new account balance will appear at the top of your dashboard as soon as the payment transaction has been confirmed. Once it does, return to your cart and click on the 'Confirm Order' button. On the next page, in the 'Payment Method' section, select the 'Account Funds' option and continue the checkout process. On the last page, review your order and click on the 'Pay Now' button.
Great job, you've registered your very own domain! Continue with Step 3: Web server setup.
The functionality of a Nostr identifier relies on two components; a domain and a small JSON file that has to be connected to the domain. To accomplish this, you’ll need access to a web server (if you already do, skip to Step 4).
There are many great web hosting providers to choose from but for the reasons mentioned in Step 1, we used Namecheap. If you’d like to do the same, follow the instructions below to gain access to a reliable, low-cost web server at Namecheap.
Important: If you’d like to use a different provider, be sure to select a hosting plan that includes file management and the ability to install an SSL certificate.
1. Go to your Namecheap account dashboard (if you don't have a Namecheap account, slide 1 of Step 2 explains how to create one). Now place your cursor over the 'Hosting' link and click on 'Shared Hosting'. On the next page, locate the 'STELLAR' plan and click on the red 'Get Started' button.
2. You will now be asked which domain should be connected to your hosting plan. Select the options 'Existing Domain Name' and 'Your Namecheap Domain Name'. Type your domain into the search box, select it and click on the 'Connect To Hosting' button. Now click on the 'Add To Cart' button.
3. On the shopping cart page, you will see a summary of your hosting plan order. In the 'Promo Code' field, type 'COUPONFCNC' to get a 20% discount on your hosting plan. Now click on the 'Confirm Order' button.
4. If you'd like to pay with Bitcoin, go to this page to top up your account funds with a Bitcoin payment. Please note that Lightning payments are currently only accepted through bitpay. Check your cart (in the toolbar) for your order total, enter that exact amount into the 'Amount to Add' field and click on the 'Add Funds' button. Now pay the Bitcoin invoice.
5. Your new account balance will appear at the top of your dashboard as soon as the transaction has been confirmed on the Bitcoin network. Once it does, return to your cart and click on the 'Confirm Order' button. On the next page, in the 'Payment Method' section, select the 'Account Funds' option and continue the checkout process. On the last page, review your order and click on the 'Pay Now' button.
Way to go, you've finished setting up your hosting account!
Continue with Step 4: Domain configuration.
Step 4
Domain configuration
Skip to Step 5 if you purchased your domain and hosting plan at Namecheap.
For your identifier to work, you will have to point your domain to the web server on which your identifier files are stored. If you followed the previous steps in this guide and purchased your domain and hosting plan at Namecheap, please continue with Step 5. If you’re using a different hosting/web server provider, follow these instructions:
1. First, you'll have to configure your domain's 'nameservers'. Go to your domain registrar and navigate to the settings/management page of your newly registered domain. If you used Namecheap to register your domain, click on this link and then on the 'MANAGE' button.
2. Locate the nameserver settings and set them to those of your hosting provider. If you don't know what they, simply google the name of your hosting provider plus the word 'nameservers' or contact your provider.
3. Now go to your hosting plan dashboard and from there, open your control panel (often called 'cPanel').
4. On your control panel, locate the 'DOMAINS' section and click on 'Addon Domains'.
5. Type your newly registered domain in the 'New Domain Name' field and click on the 'Add Domain' button.
Well done, you can now continue with Step 5: Identifier configuration.
Step 5
Identifier configuration
Next, you’ll have to create and configure the JSON file mentioned in Step 4. To ensure that Nostr clients can read the JSON file, you will also have to allow something called Cross-Origin Resource Sharing (CORS) on your web server. Follow these steps to accomplish both:
1. From the home page of your hosting plan dashboard, open your control panel. If you're using Namecheap, go to your account dashboard, click on the 'Hosting List' tab and then on the 'GO TO CPANEL' button.
2. In your control panel, locate the 'FILES' section and click on the 'File Manager' link.
3. In the file manager, open the main/root folder of your identifier domain (if you're using Namecheap and your identifier domain is your main and/or only domain, you are already in the root folder). Once you're in the root folder, click on the 'New File' button (typically indicated by a '+' symbol) and create a new file named 'index.html'.
4. Next, click on the 'Settings' button (in the top-right corner of the file manager'), activate the 'Show Hidden Files (dotfiles)' option and then click on the 'Save' button. A folder named '.well-known' will now be shown. Now (double) click on the folder to open it.
If your file manager does not have a 'Show Hidden Files' option or if there's no existing '.well-known' folder, simply create it yourself using the 'Add Folder' button (don't forget the '.' at the beginning).
5. In the '.well-known' folder, create a new file named 'nostr.json'. Once you have, right-click on the file and then click on the 'Edit' button.
6. Open this template file and copy the code snippet it contains, then paste it into your 'nostr.json' file. Now replace 'YOUR_NOSTR_NAME' with your Nostr username and 'YOUR_NOSTR_PUBLIC_KEY' with your Nostr pubkey in HEX format. You can find and copy your Nostr pubkey on the profile page of your Nostr client. Use this tool to convert your pubkey from the npub to the HEX format.
7. Please ensure that your username is exactly the same in your Nostr profile settings and your JSON file. Also, please note that it cannot contain any spaces or non-standard (UTF-8) characters. Once you've entered your username and pubkey into the code snippet, be sure to save the JSON file.
8. In your File Manager, navigate back to the main/root folder of your identifier domain. In the root folder, create another new file named '.htaccess' (don't forget the '.' at the beginning).
9. Now open this template file and copy the short code snippet it contains, then paste it into the new '.htaccess' file and be sure to save the file.
Nice job, you can now continue with Step 6: SSL certificate setup.
Step 6
SSL certificate setup
Skip to Step 5 if you purchased your domain and hosting plan at Namecheap or if you already obtained and activated an SSL certificate elsewhere.
To complete the identifier setup process, you’ll have to obtain and install an SSL certificate (a digital document that establishes a secure, encrypted connection between your web server and anything connecting to it, including Nostr clients). Without an SSL certificate, your identifier will not work in most Nostr clients/applications.
If you followed the previous steps in this guide and used Namecheap to order your domain and hosting plan, a free SSL certificate was automatically issued and installed when you connected your identifier domain to your hosting account. However, you will still have to make one small change, which is described in slide 1 of the instructions below.
If you registered your domain elsewhere, you can either order an SSL certificate at your registrar/hosting provider or install a time-limited certificate, which some SSL providers offer for free. Of those, we recommend ZeroSSL. To acquire and configure a free SSL certificate, go to zerossl.com and follow the instructions below, starting with slide 2:
1. If you're using Namecheap, go to your account dashboard and click on the 'Domain List' tab. Next, click on the 'MANAGE' button next to your identifier domain. On the domain details page, locate the 'NAMESERVERS' section. There, click on the drop-down menu and select the 'Namecheap Web Hosting DNS' option. Now click on the green check mark to save the new setting and continue with Step 7.
2. To register a free SSL certificate at ZeroSSL, enter your domain into the field at the top of the home page and then click on the 'Next Step' button. Please be aware that free ZeroSSL certificates must be renewed every 90 days (3 months).
3. On the next page, create a new account by entering an email address and a secure password. You can use any email address including the one you used to register your domain. Either way, be sure to use an address that you have access to because an SSL verification email will be sent to it shortly. Store your password in a safe location, then click on the 'Next Step' button.
4. On the next page, you'll see the 'SSL Certificate Setup' dashboard. In the first tab called 'Domains', make sure that your domain has been entered correctly in the white field. To the right of the field, you should see two green checkmarks, indicating that you are setting up an SSL certificate for the two versions of your domain (with and without 'www'). Now click on the 'Next Step' button.
5. In the In the next tab, called 'Validity', select the '90-Day Certificate' option. Important: Again, please note that you'll have to renew your free SSL certificate every 90 days (3 months). If you don't, your identifier will stop working. Now click on the 'Next Step' button.
6. In the In the next tab, called 'CSR & Contact', make sure that the 'Auto-Generate-CSR' toggle is turned on, then click on the 'Next Step' button.
7. Lastly, in the 'Finalize Your Order' tab, make sure that the free plan is selected and then click on the 'Next Step' button.
8. On the next page, in the 'Verification Method' tab, make sure that the 'Email Verification' option is selected. The field underneath contains the email address that you used to register your domain. If your domain has privacy protection, the email address may look unrecognizable because it's encrypted. Simply leave the field as is and click on the 'Next Step' button.
9. On the next page, click on the 'Verify Domain' button. A blue box will appear, containing this message: "An email with a verification link has been sent for each of the domains in your certificate." Now go to your email inbox. You should soon receive an email from ZeroSSL with the subject 'Verify Domains' and a reference number. This email contains a Verification Key. Copy the key and then click on the blue 'Go To Verification Page' link.
10. On the next page, paste the Verification Key into the empty field and click on the 'Next' button. You should now see this message: "You have entered the correct Domain Control Validation code. Your certificate will now be issued and emailed to you shortly."
11. You will receive another email shortly titled 'Certificate Issued'. Open the email and click on the blue 'Install Certificate' link, which will take you to the 'Install Certificate' page of your ZeroSSL dashboard. In the 'Download Certificate' tab, click on the 'Download Certificate' button. Save the .zip file in a secure location on your computer. Now click on the 'Next Step' button, which will open the 'Install Certificate' tab.
12. On your computer, open the folder that you stored the .zip file in and unzip/extract it (if you don't know how to do this, read this short guide). In the extracted folder, you will find these three files: 'ca_bundle.crt', 'certificate.crt', and 'private.key'. Now, go back to the home page of your hosting plan dashboard and open your control panel (often called 'cPanel').
13. In your control panel, locate the 'SECURITY' section and click on the 'SSL/TLS' link. On the next page, click on the 'Configure' button next to your domain name. You should now see a page with three large empty fields named 'Private Key', 'CSR', and 'Certificate'. If you cannot find these fields, contact your web server/hosting provider to ask where they are located.
14. On your computer, go back to the folder containing the three SSL certificate files. Using a basic text editor, open the file named 'private.key'. It contains a long string of code starting with '-----BEGIN RSA PRIVATE KEY-----
'. Copy the block of code in its entirety and paste it into the 'Private Key' field on the 'SSL/TLS' page. Now click on the 'Upload Key' button next to the field.
15. On your computer, go back to the folder containing the three SSL certificate files and this time, open the file named 'certificate.crt'. The code in this file starts with '-----BEGIN CERTIFICATE-----
'. Copy the block of code in its entirety and paste it into the 'Certificate' field on the 'SSL/TLS' page. Now click on the 'Upload Certificate' button next to the field.
16. Finally, go back to the ZeroSSL dashboard and in the 'Install Certificate' tab, click on the 'Check Installation' button to ensure that your SSL certificate works. If not, wait a few minutes and check again until the 'Installation Complete' tab shows a green check mark.
Excellent work, you've finished the identifier setup process!
To activate your identifier, complete Step 7: Nostr profile update.
Step 7
Nostr profile update
Lastly, follow these instructions to activate your Nostr identifier:
1. In your Nostr client, go to your profile settings and enter your identifier into the NIP-05 field. As explained in Step 1, Nostr identifiers look like email addresses. They consist of three components; a username, SLD, and TLD. Using our example identifier, the NIP-05 field entry would be nostrich@nostrsovrn.com. Be sure to save your profile settings once you've entered your new identifier.
2. In your Nostr client, navigate back to your profile page, which should now display a check mark and/or your identifier domain. If it doesn't, go back to the NIP-05 field in your Nostr profile settings and make sure that there are no extra spaces preceding or following your identifier. If there are, remove them and re-save your settings. Now close and restart your Nostr client (even if there weren't any extra spaces).
Congratulations, you're now a self-reliant, sovereign Nostrich! 🤙
To add additional functionality to your new address, complete the optional steps below, starting with Step 8: Lightning configuration
Step 8 (optional)
Lightning configuration
By adding a simple redirect command to your domain’s .htaccess file, you can use your Nostr identifier as a deposit address for your Lightning wallet. Follow these instructions to set up Lightning forwarding for your identifier:
1. From the home page of your hosting plan dashboard, open your control panel. If you're using Namecheap, go to your account dashboard, click on the 'Hosting List' tab and then on the 'GO TO CPANEL' button (or simply return to your control panel tab if you kept it open after completing Step 5).
2. In your control panel, locate the 'FILES' section and click on the 'File Manager' link.
3. In the file manager, open the main/root folder of your identifier domain (if you're using Namecheap and your identifier domain is your main and/or only domain, you are already in the root folder). Now right-click on the '.htaccess' file and then click on the 'Edit' button.
4. Open this template file and copy the short code snippet it contains, then paste it into the '.htaccess' file (below the existing contents). Now, replace 'YOUR_NOSTR_USERNAME' with your Nostr username (the first part of your identifier). Using our example identifier, that would be nostrich.
5. Next, replace 'YOUR_LIGHTNING_WALLET_ID' with the first part of your actual Lightning wallet address, as determined by your Lightning wallet client. The code snippet in the template file is based on Lightning forwarding for Wallet of Satoshi. If you'd like to set it up for a different client, it's usually just a matter of replacing 'walletofsatoshi.com' with the domain name of your Lightning client (but you should consult your Lightning client developer about this beforehand). Be sure to save the file when you're done.
6. In your Nostr client, go to your profile settings and enter your Lightning forwarding address into the (Bitcoin) Lightning address field. Remember, your Lightning forwarding address looks exactly like your Nostr identifier. Using our example identifier, the Lightning field entry would be nostrich@nostrsovrn.com. Be sure to save your profile settings once you've entered your new Lightning deposit address.
Nicely done, you can now receive Lightning payments (i.e. zaps) using your independent Nostr address.
If you'd also like to have an email address that matches your Nostr address,
continue with Step 9: Email configuration
Step 8 of the Nostr Sovrn guide is based on this excellent Lightning forwarding guide written by EzoFox. A special 'thank you' goes out to him. Please consider sending some sats to Ezo's Lightning address: ezofox@orangepill.dev.
Step 9 (optional)
Email configuration
As mentioned at the beginning of this guide, Nostr identifiers look like email addresses and now that you have a hosting plan, you can set up an email address that’s identical to your Nostr address. To do so, follow these instructions:
1. From the home page of your hosting plan dashboard, open your control panel. If you're using Namecheap, go to your account dashboard, click on the 'Hosting List' tab and then on the 'GO TO CPANEL' button (or simply return to your control panel tab if you kept it open after completing Step 5).
2. In your control panel, locate the 'EMAIL' section and click on the 'Email Accounts' link. On the next page, you will see a panel titled 'CREATE AN EMAIL ACCOUNT' . Your identifier domain should be preselected in the 'Domain' drop-down list (if not, select it).
3. In the 'Username' field, type your username (the first part of your identifier). You can now already see that your email address matches your Nostr address.
4. Next, in the 'Password' section, click on the 'Generate' button to create a strong password for your new email address (or create a strong password yourself). Be sure to store your password securely. Next, locate and click on the 'Edit Settings' button and set your email address storage space to 'Unlimited'. Now click on the blue '+ Create' button.
5. In the 'Email Accounts' panel, you will now see your newly create email address, which is already working. Click on the 'Check Email' button. You will now be taken to your email dashboard, where you will see various email account settings that you may find useful, including 'Forwarders' (allowing you to forward incoming emails to other email addresses) and the ability to set up access to your new email account on mobile devices.
6. Lastly, click on the blue 'Open' button to open your email inbox. If you'd like to skip your email account settings and go straight to your inbox next time you log in, simply tick the 'Open my inbox when I log in' box.
Fantastic, you now have a self-hosted email address that matches your Nostr address.
If you followed all 9 steps of the Nostr Sovrn setup guide, you can now share your Nostr pubkey, receive Lightning zaps and exchange emails using a single address.
Well done, Sovereign Nostrich 🧡