Incus Go client unable to read pem certificate while accessing remote host

mt0 · March 31, 2025, 3:02pm

Greetings and I take this opportunity to applaud the efforts made to continue making the Incus project a success.

Personally, I am writing a wrapper API that will consume the incus API remotely on another host rather than the usual Unix socket way and I got into an error where I needed guidance and help to resolve it quicker.

I generated certificates from the Incus server (VirtualBox Ubuntu 22.04 VM) using incus remote generate-certificate and securely copied them to use them from a Go API running locally (Windows 11).

The environment variables are set to paths pointing to the client.crt and server.crt certificates together with the client.key within the same root folder of the project as shown in the screenshot.

When attempting to make the incus.ConnectIncus(remoteUrl, config) call it fails with this error stating: tls: failed to find any PEM data in certificate input and I have provided all of them in the environment variables as paths.

This is the output error

Any guidance to rectify the issue will be appreciated…

stgraber · March 31, 2025, 3:06pm

TLSClientCert, TLSClientKey and TLSServerCert need to contain the certificate itself, not the path to the certificate.

So you need to use something like os.ReadFile and then set those variables to the content of the files.

mt0 · March 31, 2025, 3:14pm

Thanks @stgraber

So to re-iterate, I need to read the file from path instead of passing the path. This is what I am going to do next.

Also I had tried this by adding the certificates inside the environment variables but it was failing with the same error.
Is this recommended?

stgraber · March 31, 2025, 3:15pm

Most likely the line breaks didn’t translate correctly, that’d be my best guess anyway as the PEM parser is picky about that.

mt0 · March 31, 2025, 3:18pm

Alright then.
Thank you once again.
Let me debug it once more and get back with the solution…

mt0 · March 31, 2025, 4:37pm

@stgraber

Its correct that reading the file using os.ReadFile and converting to string worked and eventually the Incus client was able to communicate with the remote host.