Error: Failed to join cluster: Failed to setup cluster trust: failed to connect to target cluster node:
Get \"https://192.168.10.10:8443/1.0\": x509: certificate is valid for 127.0.0.1, ::1, not 192.168.10.10
Am I holding it wrong or should the docs recommend to generate custom certs if I want to setup a cluster?
Or is this even a bug in LXD that it shouldn’t check for the hostname?
LXD doesn’t check the DNS records or addresses in the cert, instead we just check that the certificate is a perfect match with the one the client has.
In general, when connecting to a cluster, cluster.crt is what should be expected from the LXD API, not server.crt. This will become even more important as we’re now working on decoupling the two, making them always different and having server.crt be used only for internal node-to-node traffic.
The reason why you get this error is just how Go’s TLS stack works when it doesn’t find an exact certificate match, when that happens we fallback to the system’s normal CA handling so that users can use a valid TLS certificate, that handler does expect a valid DNS/IP match and so you get that error. But in your case, it means you didn’t supply the correct certificate.