Incus ui install - error using token not authorized

I am trying to get the web ui configured, I have gone through the steps in both firefox and chrome but I continue to encounter the same error.

I’ve seen the comment that this is a know issue with firefox and it is corrected by restarting the browser, but that has not corrected the issue for me.

In chrome I am initially prompted in a popup to select a certificate and I can select the incus ui certificate I added in a previous step, but then in the ui I am prompted to create a new certificate or add an existing certificate. I encounter the same error when I walk through the steps to add an existing certificate.

Any help or direction would be appreciated!

Do you happen to have the .crt for that certificate you have in your browser?

If you do, you can manually add it to the trust store with incus config trust add-certificate /path/to/cert.crt which will then make the UI work.

Thank you for a quick response. Yes I do have this file and I did add it previously. To verify I ran incus config trust list and it shows in the resulting list.

Can you try going to /1.0 in your web browser? That should show you a bunch of JSON including an indication of whether Incus sees you as trusted.

Normally if your browser correctly selects the certificate, you should appear as trusted.

I may be doing something wrong, but neither browser is finding a file at /1.0


For some reason it shows as untrusted.

And you’re accessing Incus directly, not going through some kind of proxy (nginx, haproxy, squid, work enterprise proxy, …)?

Correct. I’m on the machine Incus is installed on with no proxy being used. I need to step away to something else so I’ll continue troubleshooting this another day. I appreciate your help with this!

Okay, so sounds like your browser is either not exposing the client certificate to Incus or the certificate your browser is using doesn’t line up with the .crt that you added to your trust store.

Just wanted to circle back and close this thread. I was able to get this running by removing the existing certificates in firefox and walking through the steps to add a certificate again.
I think the issue may have come from not setting a password on the cert and that caused firefox to not trust it. I set a password (even though it notes as not required with linux) the second time through the process and everything worked as expected.
Thanks again for the help to troubleshoot this, I appreciate it!