So I want to import an image like this:
lxc image import https://lxd-images.local:8080/ --alias some-name
I copied the servers self-signed certificate to to /etc/ca-certificates/trust-source/anchors/lxdocker.crt
, ran update-ca-trust
and curl
is happy.
But lxc still doesn’t like it:
Error: Head "https://lxd-images.local:8080/": x509: certificate signed by unknown authority
The same happens if I add a simplestreams remote like this:
lxc remote add my-remote https://lxd-images.local:8080 --protocol=simplestreams
The command succeeds but lxc launch
doesn’t like the certificate.
What DOES work is copying the cert to /root/.config/lxc/servercerts/lxdocker.crt
Unfortunately that doesn’t work when using URLs with lxc import
though.
So how can I find out why GOs http client doesn’t trust my certificate when relying on the system certificate store?