New cluster certificates

A brief question: I want to switch the LXD cluster from its self generated certificates to centrally managed ones. I can (obviously) reinstall LXD on all the hosts to do this, or can just update the config for the controller, add trust relationships and add the certificates to the workers.

Has anyone tried the reconfig with certificates or should I just go for a reinstall?


Replacing cluster.crt and cluster.key on all nodes and then doing systemctl reload snap.lxd.daemon should do what you want.

We’ve got some planned work over the next 6 months to add an API that allows you to do that, making it easier for folks to script with letsencrypt and the like.