diff --git a/modules/lnd.nix b/modules/lnd.nix
index 950b3b0..cf5fa9c 100644
--- a/modules/lnd.nix
+++ b/modules/lnd.nix
@@ -201,7 +201,7 @@ in {
           # Retrying is necessary because it can happen that the lnd socket is
           # existing, but the RPC service isn't yet, which results in error
           # "waiting to start, RPC services not available".
-          curl = "${pkgs.curl}/bin/curl -s --show-error --retry 10";
+          curl = "${pkgs.curl}/bin/curl -s --show-error --retry 10 --cacert ${secretsDir}/lnd-cert";
           restUrl = "https://${cfg.restAddress}:${toString cfg.restPort}/v1";
         in [
           (nbLib.script "lnd-create-wallet" ''
@@ -216,14 +216,11 @@ in {
               if [[ ! -f "$mnemonic" ]]; then
                 echo Create lnd seed
                 umask u=r,go=
-                ${curl} \
-                  --cacert ${secretsDir}/lnd-cert \
-                  -X GET ${restUrl}/genseed | ${pkgs.jq}/bin/jq -c '.cipher_seed_mnemonic' > "$mnemonic"
+                ${curl} -X GET ${restUrl}/genseed | ${pkgs.jq}/bin/jq -c '.cipher_seed_mnemonic' > "$mnemonic"
               fi
 
               echo Create lnd wallet
               ${curl} --output /dev/null \
-                --cacert ${secretsDir}/lnd-cert \
                 -X POST -d "{\"wallet_password\": \"$(cat ${secretsDir}/lnd-wallet-password | tr -d '\n' | base64 -w0)\", \
                 \"cipher_seed_mnemonic\": $(cat "$mnemonic" | tr -d '\n')}" \
                 ${restUrl}/initwallet
@@ -237,19 +234,12 @@ in {
               echo Unlock lnd wallet
               ${curl} \
                 -H "Grpc-Metadata-macaroon: $(${pkgs.xxd}/bin/xxd -ps -u -c 99999 '${networkDir}/admin.macaroon')" \
-                --cacert ${secretsDir}/lnd-cert \
                 -X POST \
                 -d "{\"wallet_password\": \"$(cat ${secretsDir}/lnd-wallet-password | tr -d '\n' | base64 -w0)\"}" \
                 ${restUrl}/unlockwallet
             fi
-            state=""
-            while [ "$state" != "RPC_ACTIVE" ]; do
-              state=$(${curl} \
-                --cacert ${secretsDir}/lnd-cert \
-                -d '{}' \
-                -X POST \
-                ${restUrl}/state |\
-                ${pkgs.jq}/bin/jq -r '.state')
+            # Wait until the wallet has been unlocked and RPC is fully active
+            while [[ $(${curl} -d '{}' -X POST ${restUrl}/state | ${pkgs.jq}/bin/jq -r '.state') != RPC_ACTIVE ]]; do
               sleep 0.1
             done
           '')
@@ -261,7 +251,6 @@ in {
               macaroonPath="$RUNTIME_DIRECTORY/${macaroon}.macaroon"
               ${curl} \
                 -H "Grpc-Metadata-macaroon: $(${pkgs.xxd}/bin/xxd -ps -u -c 99999 '${networkDir}/admin.macaroon')" \
-                --cacert ${secretsDir}/lnd-cert \
                 -X POST \
                 -d '{"permissions":[${cfg.macaroons.${macaroon}.permissions}]}' \
                 ${restUrl}/macaroon |\
diff --git a/test/tests.nix b/test/tests.nix
index ef48631..b501ad3 100644
--- a/test/tests.nix
+++ b/test/tests.nix
@@ -52,6 +52,12 @@ let
           clboss.path = "${nbPkgs.clboss}/bin/clboss";
         };
       in map (plugin: pluginPkgs.${plugin}.path) enabled;
+      # Torified 'dig' subprocesses of clboss don't respond to SIGTERM and keep
+      # running for a long time when WAN is disabled, which prevents clightning units
+      # from stopping quickly.
+      # Set TimeoutStopSec for faster stopping.
+      systemd.services.clightning.serviceConfig.TimeoutStopSec =
+        mkIf config.services.clightning.plugins.clboss.enable "500ms";
 
       tests.spark-wallet = cfg.spark-wallet.enable;