How does one get the correct certificates?

Are there any best practices to manage certificates needed for LXD?
To get an image from i need a certificate.
So I have code like this:

cert = ssl.get_server_certificate((config.lxd_server, config.lxd_port))
container_spec = {
    "name": testbed,
    "source": {
        "type": "image",
        "mode": "pull",
        "server": f"https://{config.lxd_server}:{config.lxd_port}",
        "protocol": "lxd",
        "certificate": cert,
        "alias": testbed,
    "devices": {
        "mount-results": {
            "path": "results",
            "type": "disk",
            "source": result_location,

container = client.instances.create(container_spec, wait=True)

So what is the best practice to get these certs? Just ship them with the app? But then how to update them?

You do not need to pass in the certificate for any server which has a valid CA signed certificate as is the case for our image servers.

You only need to pass it if it’s another LXD server and it’s therefore using a self signed certificate.

1 Like