diff --git a/scripts/cdk/deploy.ts b/scripts/cdk/deploy.ts
index 32e3632ac..c6a988397 100755
--- a/scripts/cdk/deploy.ts
+++ b/scripts/cdk/deploy.ts
@@ -19,7 +19,7 @@ void async function () {
 /** Set public environment variables */
 if (process.env.STAGE === 'sandbox') {
 // Todo switch to dev before merging
- process.env.PUBLIC_ETHEREUM_RPC_URL = 'http://nodes.casimir.co/eth/hardhat'
+ process.env.PUBLIC_ETHEREUM_RPC_URL = 'https://nodes.casimir.co/eth/hardhat'
 }
 process.env.PUBLIC_USERS_URL = `https://users.${process.env.STAGE}.casimir.co`
 process.env.PUBLIC_CRYPTO_COMPARE_API_KEY = await getSecret('casimir-crypto-compare-api-key')
diff --git a/services/nodes/nginx.conf b/services/nodes/nginx.conf
index 021a1a08e..8df56b30f 100644
--- a/services/nodes/nginx.conf
+++ b/services/nodes/nginx.conf
@@ -38,14 +38,11 @@ http {
 server {
 # Proxy endpoints named as /{currency}/{network}
 # Routed from nodes.casimir.co
- listen 10.0.0.17:80;
- listen 10.0.0.17:443 ssl;
- ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
- ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
-
- # Restrict connections only to username/password
- auth_basic “Restricted”;
- auth_basic_user_file /etc/nginx/.htpasswd;
+ listen 80;
+ listen [::]:80;
+ listen 443;
+ listen [::]:443;
+ server_name nodes.casimir.co;
 # Configure proxies to handle SSE and websockets
 proxy_http_version 1.1;
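Review bot: The new `listen 443;` and `listen [::]:443;` lines carry no `ssl` parameter, and the hunk removes both `ssl_certificate` directives without adding replacements, so as written nginx would answer plain HTTP on port 443 and the `https://nodes.casimir.co/eth/hardhat` URL set in scripts/cdk/deploy.ts would fail its TLS handshake, unless TLS is terminated in front of this server or a later step rewrites the config. If the certificate is meant to come from the ACME flow added further down, the listeners should read `listen 443 ssl;` and `listen [::]:443 ssl;`, with `ssl_certificate` and `ssl_certificate_key` pointing at the issued files. The listeners also move from `10.0.0.17` to every interface while port 80 keeps serving the proxied locations, so Basic credentials can cross the network in cleartext; consider limiting port 80 to the challenge path and a redirect to HTTPS. The server block continues outside the hunk.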
@@ -60,23 +57,43 @@ http {
 proxy_set_header X-NginX-Proxy true;
 proxy_buffering off;
+ # Allow SSL validation
+ location ~ /\.well-known/acme-challenge/ {
+ allow all;
+ root /var/www/letsencrypt;
+ try_files $uri =404;
+ break;
+ }
+
 # Ethereum mainnet execution archive RPC API
 location ^~ /eth/mainnet {
+ # Restrict connections only to username/password
+ auth_basic “Restricted”;
+ auth_basic_user_file /etc/nginx/.htpasswd;
 proxy_pass http://eth_mainnet/;
 }
 # Ethereum goerli execution archive RPC API
 location ^~ /eth/goerli {
+ # Restrict connections only to username/password
+ auth_basic “Restricted”;
+ auth_basic_user_file /etc/nginx/.htpasswd;
 proxy_pass http://eth_goerli/;
 }
 # Ethereum goerli execution archive GraphQL API
 location = /eth/goerli/graphql {
+ # Restrict connections only to username/password
+ auth_basic “Restricted”;
+ auth_basic_user_file /etc/nginx/.htpasswd;
 proxy_pass http://eth_goerli/graphql;
 }
 # Ethereum goerli consensus archive RPC API
 location ^~ /eth/goerli/ {
+ # Restrict connections only to username/password
+ auth_basic “Restricted”;
+ auth_basic_user_file /etc/nginx/.htpasswd;
 proxy_pass http://eth_prater/;
 }
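Review bot: Moving `auth_basic` out of the server block and into each `location` makes authentication opt-in, so any location that lacks the two lines, now or when one is added later, proxies to a node without credentials; the `/eth/hardhat` path that scripts/cdk/deploy.ts targets is not visible in this hunk and should be checked. A fail-closed layout keeps `auth_basic` and `auth_basic_user_file` at server level and exempts only the challenge path with `auth_basic off;` inside the acme-challenge location. That location is also an unanchored regex, so it would be clearer as `location ^~ /.well-known/acme-challenge/ {`, and `allow all;` and `break;` add nothing there. The realm is written with typographic quotes (`“Restricted”`), which nginx does not treat as quoting; use ASCII `"Restricted"`. The server block starts and continues outside the hunk.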