Additional host names for lxd server certificate?


I wanted to add one lxd to another as a remote by

lxc remote add somename “https://somename.fqdn:8443” --public

but couldn’t use it then because

x509: certificate is valid for somename, not somename.fqdn

Is there a way to tell LXD to add AltNames to the certificate it autogenerates?


stgraber@dakara:~$ lxc remote add test --public
Certificate fingerprint: 537657fe729d9d3f31efd870ffb23d28583617b7e306493ddd65b92beb0fb776
ok (y/n/[fingerprint])? y
stgraber@dakara:~$ lxc remote remove test

There’s something weird going on with your client. Maybe you already have a conflicting cert for that remote locally? Do you get the same when using a different name?

LXD doesn’t generally perform validation on self-signed certs, it just prompts the user to confirm the fingerprint instead and ignores the AltNames field entirely.

I have the same issue when I try to add a remote which is available thru port forward on a public IP:

lxc remote add test --public
Certificate fingerprint: d58cb2b8b2bfe84824bc9092e80413300ec26437718703e6da6dffe9478af996
ok (y/n/[fingerprint])? y
Error: Get "": tls: failed to verify certificate: x509: certificate is valid for lxd07, not

How could I disable cert validation or what should be the procdure?