diff --git a/config.go b/config.go
index 0d9b18bd..5bfdc55c 100644
--- a/config.go
+++ b/config.go
@@ -210,6 +210,7 @@ type Config struct {
 	ExternalIPs       []net.Addr
 	DisableListen     bool          `long:"nolisten" description:"Disable listening for incoming peer connections"`
 	DisableRest       bool          `long:"norest" description:"Disable REST API"`
+	DisableRestTLS    bool          `long:"no-rest-tls" description:"Disable TLS for REST connections"`
 	NAT               bool          `long:"nat" description:"Toggle NAT traversal support (using either UPnP or NAT-PMP) to automatically advertise your external IP address to the network -- NOTE this does not support devices behind multiple NATs"`
 	MinBackoff        time.Duration `long:"minbackoff" description:"Shortest backoff when reconnecting to persistent peers. Valid time units are {s, m, h}."`
 	MaxBackoff        time.Duration `long:"maxbackoff" description:"Longest backoff when reconnecting to persistent peers. Valid time units are {s, m, h}."`
diff --git a/lnd.go b/lnd.go
index f1445fcf..8a1c50fe 100644
--- a/lnd.go
+++ b/lnd.go
@@ -990,6 +990,12 @@ func getTLSConfig(cfg *Config) ([]grpc.ServerOption, []grpc.DialOption,
 	// Return a function closure that can be used to listen on a given
 	// address with the current TLS config.
 	restListen := func(addr net.Addr) (net.Listener, error) {
+		// For restListen we will call ListenOnAddress if TLS is
+		// disabled.
+		if cfg.DisableRestTLS {
+			return lncfg.ListenOnAddress(addr)
+		}
+
 		return lncfg.TLSListenOnAddress(addr, tlsCfg)
 	}