diff --git a/network/backend/lnd/conn.go b/network/backend/lnd/conn.go
index 0d82a45..7a5f442 100644
--- a/network/backend/lnd/conn.go
+++ b/network/backend/lnd/conn.go
@@ -1,10 +1,7 @@
 package lnd
 
 import (
-	"crypto/tls"
-	"crypto/x509"
-	"encoding/hex"
-	"fmt"
+	"io/ioutil"
 	"net/url"
 
 	"github.com/pkg/errors"
@@ -19,7 +16,7 @@ import (
 )
 
 func newClientConn(c *config.Network) (*grpc.ClientConn, error) {
-	macaroonBytes, err := hex.DecodeString(c.Macaroon)
+	macaroonBytes, err := ioutil.ReadFile(c.Macaroon)
 	if err != nil {
 		return nil, err
 	}
@@ -31,31 +28,16 @@ func newClientConn(c *config.Network) (*grpc.ClientConn, error) {
 	}
 
 	macConstraints := []macaroons.Constraint{
-		// We add a time-based constraint to prevent replay of the
-		// macaroon. It's good for 60 seconds by default to make up for
-		// any discrepancy between client and server clocks, but leaking
-		// the macaroon before it becomes invalid makes it possible for
-		// an attacker to reuse the macaroon. In addition, the validity
-		// time of the macaroon is extended by the time the server clock
-		// is behind the client clock, or shortened by the time the
-		// server clock is ahead of the client clock (or invalid
-		// altogether if, in the latter case, this time is more than 60
-		// seconds).
 		macaroons.TimeoutConstraint(c.MacaroonTimeOut),
-
-		// Lock macaroon down to a specific IP address.
 		macaroons.IPLockConstraint(c.MacaroonIP),
-
-		// ... Add more constraints if needed.
 	}
 
-	// Apply constraints to the macaroon.
 	constrainedMac, err := macaroons.AddConstraints(mac, macConstraints...)
 	if err != nil {
 		return nil, errors.WithStack(err)
 	}
 
-	cred, err := newCredentialsFromCert(c.Cert)
+	cred, err := credentials.NewClientTLSFromFile(c.Cert, "")
 	if err != nil {
 		return nil, err
 	}
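Review bot: The error returned from `ioutil.ReadFile(c.Macaroon)` is propagated bare, so a caller sees only the OS message and not that it was the macaroon file that failed to load — and since this hunk changes the meaning of `c.Macaroon` from a hex-encoded string to a filesystem path, a deployment still carrying the old-style value will now fail with an unhelpful "no such file" error. Wrap it with the pkg/errors package the file already imports: `return nil, errors.Wrapf(err, "reading macaroon file %q", c.Macaroon)`. Separately, `io/ioutil` is deprecated as of Go 1.16; if the module targets that version or newer, `os.ReadFile` is the drop-in replacement and `"os"` would take the place of `"io/ioutil"` in the import block. newClientConn continues past the end of this hunk.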
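Review bot: The comment block deleted above `macaroons.TimeoutConstraint(c.MacaroonTimeOut)` was the only explanation of what that constraint defends against (replay of a leaked macaroon) and of the clock-skew trade-off that decides how long the macaroon stays usable; the constraint itself is kept, but the rationale is gone and nothing in the hunk replaces it, so the next maintainer has no way to judge whether MacaroonTimeOut is safe to raise. I would restore a short form, e.g. `// Time-bound the macaroon so a leaked copy is only replayable for MacaroonTimeOut seconds; client/server clock skew shifts the effective window.`, and keep `// Lock macaroon down to a specific IP address.` above the IP lock for the same reason. On the TLS side, `credentials.NewClientTLSFromFile(c.Cert, "")` appears to preserve the old behaviour: as far as I can tell an empty override leaves ServerName to be filled from the dial target's authority, which is what the removed `tls.Config{ServerName: ""}` also relied on, so server-certificate and hostname verification are not weakened — but worth a quick confirmation since this is the only check that the peer is the configured lnd node. Note that both `c.Cert` and `c.Macaroon` are now file paths rather than hex blobs, a configuration-format change that config validation and documentation outside this hunk must follow. newClientConn begins in the previous hunk and ends outside this one.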
@@ -68,8 +50,6 @@ func newClientConn(c *config.Network) (*grpc.ClientConn, error) {
 	opts := []grpc.DialOption{
 		grpc.WithTransportCredentials(cred),
 		grpc.WithPerRPCCredentials(macaroons.NewMacaroonCredential(constrainedMac)),
-		// We need to use a custom dialer so we can also connect to unix sockets
-		// and not just TCP addresses.
 		grpc.WithDialer(lncfg.ClientAddressDialer(u.Port())),
 		grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(c.MaxMsgRecvSize)),
 	}
@@ -81,15 +61,3 @@ func newClientConn(c *config.Network) (*grpc.ClientConn, error) {
 	return conn, nil
 }
 
-
-func newCredentialsFromCert(cert string) (credentials.TransportCredentials, error) {
-	b, err := hex.DecodeString(cert)
-	if err != nil {
-		return nil, err
-	}
-	cp := x509.NewCertPool()
-	if !cp.AppendCertsFromPEM(b) {
-		return nil, fmt.Errorf("credentials: failed to append certificates")
-	}
-	return credentials.NewTLS(&tls.Config{ServerName: "", RootCAs: cp}), nil
-}