Pylxd: certificate verify failed: self signed certificate

rkelleyrtp · January 26, 2022, 3:47pm

Greetings all,

I have been working with LXD for a few years now and wanted to start using Python to manage my servers. I have python-3, pip3, and pylxd on my server but am having issues getting it working properly. This is a Debian 11 server with lxd 4.21 installed via snap.

Per the pylxd docs here, I created they openssl keypair and tried running the following python script:

#!/usr/bin/env python3
from pylxd import Client
client=Client(endpoint='https://172.16.21.15:8443', cert=('lxd.crt', 'lxd.key'))
client.trusted

However, I get the following message trying to run the script:

pylxd.exceptions.ClientConnectionFailed: HTTPSConnectionPool(host='172.16.21.15', port=8443): 
Max retries exceeded with url: /1.0 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: 
CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1123)')))`

I re-read the pylxd docs but I can’t find the answer anywhere. Any pointers?

turtle0x1 · January 26, 2022, 5:21pm

https://pylxd.readthedocs.io/en/latest/usage.html#client

Note: in the case where the certificate is self signed (LXD default), you may need to pass verify=False.

stgraber · January 26, 2022, 6:19pm

I think there is a verify argument to Client which you can either set to False to turn off certification validation, or more safely, can set to the expected server certificate to have it validated.

rkelleyrtp · January 27, 2022, 2:22am

Thanks to both of you. I read it so many times my eyes must have just missed this. Appreciate the help!