diff --git a/Cargo.lock b/Cargo.lock
index d3fa847..12d4b31 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -5014,7 +5014,7 @@ dependencies = [
  "native-tls",
  "prost 0.12.6",
  "regex",
- "reqwest 0.11.20",
+ "reqwest 0.12.5",
  "rust_socketio",
  "sea-orm",
  "serde",
diff --git a/Cargo.toml b/Cargo.toml
index e1d0f9c..6ca7330 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -26,7 +26,7 @@ dotenv = "0.15.0"
 tracing = "0.1.40"
 tracing-subscriber = { version = "0.3.18", features = ["json", "env-filter"] }
 jsonwebtoken = "9.3.0"
-reqwest = "=0.11.20"
+reqwest = { version = "0.12.5", features = ["json"] }
 uuid = { version = "1.9.1", features = ["v4", "serde"] }
 chrono = "0.4.38"
 thiserror = "1.0.61"
diff --git a/config/default.toml b/config/default.toml
index dd388e9..4ac0113 100644
--- a/config/default.toml
+++ b/config/default.toml
@@ -36,6 +36,7 @@ connect_timeout = "5s"
 timeout = "30s"
 connection_verbose = true
 accept_invalid_certs = false
+accept_invalid_hostnames = false
 maxfeepercent = 0.5
 payment_timeout = "60s"
 payment_exemptfee = 5000
diff --git a/src/infra/lightning/cln/cln_rest_client.rs b/src/infra/lightning/cln/cln_rest_client.rs
index 600486b..d1b0d10 100644
--- a/src/infra/lightning/cln/cln_rest_client.rs
+++ b/src/infra/lightning/cln/cln_rest_client.rs
@@ -37,6 +37,7 @@ pub struct ClnRestClientConfig {
     #[serde(deserialize_with = "deserialize_duration")]
     pub timeout: Duration,
     pub accept_invalid_certs: bool,
+    pub accept_invalid_hostnames: bool,
     pub maxfeepercent: Option<f64>,
     #[serde(deserialize_with = "deserialize_duration")]
     pub payment_timeout: Duration,
@@ -80,7 +81,9 @@ impl ClnRestClient {
             let ca_certificate = Self::read_ca(ca_cert_path)
                 .await
                 .map_err(|e| LightningError::ReadCertificates(e.to_string()))?;
-            client_builder = client_builder.add_root_certificate(ca_certificate);
+            client_builder = client_builder
+                .add_root_certificate(ca_certificate)
+                .danger_accept_invalid_hostnames(config.accept_invalid_hostnames);
         }
 
         let client = client_builder
diff --git a/src/infra/lightning/cln/cln_websocket_client.rs b/src/infra/lightning/cln/cln_websocket_client.rs
index fa27a3c..095ea92 100644
--- a/src/infra/lightning/cln/cln_websocket_client.rs
+++ b/src/infra/lightning/cln/cln_websocket_client.rs
@@ -41,9 +41,10 @@ pub async fn connect_websocket(
             .map_err(|e| LightningError::ReadCertificates(e.to_string()))?;
         let tls_connector = TlsConnector::builder()
             .add_root_certificate(ca_certificate)
+            .danger_accept_invalid_hostnames(config.accept_invalid_hostnames)
             .build()
             .map_err(|e| LightningError::TLSConfig(e.to_string()))?;
-        client_builder = client_builder.tls_config(tls_connector);
+        client_builder = client_builder.tls_config(tls_connector.clone());
     }
 
     if config.accept_invalid_certs {