This post shows how to setup the Incus UI
- expose the port 8443
- create the user certificate
- install the user certificate to Incus and your browser
- troubleshooting
- auxiliary explanations.
This post was written in response to a user’s question.
1 Like
Hello Simos, thank you for writing this how-to. I do have a question. You mention replacing the /var/lib/incus/server.{crt,key} with properly-signed ones using ‘incus cluster update-certificate’ (minor typo: the article still says ‘lxc cluster update-certificate’) so that the browser does not complain about self-signed certificates. However, when I use that command it updates the /var/lib/incus/cluster.{crt,key} files on all nodes and does not touch the server.{crt,key} files.
Do you or anyone know if there is a different way to use a command to update the https TLS certificate in the server.{crt,key} files?
I think I didn’t fully read what you said in the article. You do mention that you use the cluster command to update it and I guess I assumed that would update the server file and you did not mention that there is a separate cluster file.
Unfortunately I don’t have my original self-signed certs but I am gathering that for a cluster you need the cert to have subject-alternate names for each cluster member? I ask because I notice that my remote clients are expecting the cert to cover the FQDN of each node. If they are all the same then a single cert needs to be valid for all the node names.
Thanks, I fixed the typo.
I have not tested the cluster setup and I merely conveyed what (I understood that) is said in this post, Possible to use a 'real' SSL certificate for LXD API rather than self-signed? - #2 by stgraber
I think that @stgraber can shed some light here.