I opened that post again but I get the same error. I’m a little bit confused. Can someone enlighten me as to what causes this problem or how I can overcome it?
Regards.
Go’s http library wants to validate that the TLS/SSL endpoint it’s connecting to is using a valid certificate, like one issued by Let’s Encrypt etc. If it’s not, it will emit errors like the above.
By default LXD uses a self-signed cert, so the options are:
```bash
# Download the cert from LXD (assuming localhost)
openssl s_client -showcerts -connect localhost:8443 -servername localhost </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > lxd_cert.crt
# Copy cert to store (must have the extension `crt`)
sudo cp lxd_cert.crt /usr/share/ca-certificates
# Reload trusted certs from store (choose the "ask" option and mark your cert for install)
sudo dpkg-reconfigure ca-certificates
# Run a test to make sure it works (if you don't use your PC name you will get an error
# about subjectAltNames not matching; you CAN'T use "localhost" here)
curl https://YOUR_PC_NAME:8443
```
Haven’t actually tested it with go but it should use the system store for certs.
lxd_cert.crt from above is the certificate LXD uses to serve HTTPS traffic. We added this to your system’s certificate store to “trick” the Go library into thinking it’s a valid certificate (valid meaning one signed by a known CA like Let’s Encrypt etc.).
Now your “go app” needs to generate a certificate which is then added to the LXD “trust store” so your “go app” can be authenticated when trying to create containers.
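An alternative to changing the system store, as an added example that is not part of the original posts: the Go client can trust only the PEM contents of `lxd_cert.crt` through its own `RootCAs` pool. The names `pinnedClient` and `demo` are hypothetical, and a constructed `httptest` server with a self-signed certificate stands in for LXD.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// pinnedClient trusts only the certificates in certPEM (e.g. the contents of
// lxd_cert.crt) instead of the system store; hostname/SAN checks still apply.
func pinnedClient(certPEM []byte) (*http.Client, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(certPEM) {
		return nil, errors.New("no certificate found in PEM input")
	}
	cfg := &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}, nil
}

// demo runs a constructed self-signed HTTPS server (stand-in for LXD) and
// reports whether the default client and the pinned client could connect.
func demo() (defaultOK, pinnedOK bool, err error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "ok")
	}))
	defer srv.Close()
	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
	// Default trust (system roots only): the self-signed cert is rejected.
	if resp, e := (&http.Client{Transport: &http.Transport{}}).Get(srv.URL); e == nil {
		resp.Body.Close()
		defaultOK = true
	}
	c, err := pinnedClient(certPEM)
	if err != nil {
		return false, false, err
	}
	if resp, e := c.Get(srv.URL); e == nil {
		resp.Body.Close()
		pinnedOK = true
	}
	return defaultOK, pinnedOK, nil
}

func main() {
	fmt.Println(demo())
}
```

Unlike setting `InsecureSkipVerify`, this keeps certificate and hostname verification on, so the URL used must still match a name in the certificate's subjectAltName.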
Thanks @turtle0x1 for sharing the information. I overcame the problem like this: create a certificate as follows and change the source code like this. By the way, `lxc config trust add` is needed for the certificate authentication.