Remote connection using Terraform

Hello, everyone.

I’m new to Incus and I’m working on a fresh install.

I’m trying to connect to my server using Terraform and I’ve followed the instructions here - How to expose Incus to the network - Incus documentation

I’ve generated the token using

incus config trust add terraform

and pasted this token in my Terraform’s provider configuration:

provider "incus" {
  generate_client_certificates = true
  accept_remote_certificate    = true

  remote {
    address = "100.127.136.39"
    default = true
    name    = "station-01"
    port    = 9443
    scheme  = "https"
    token   = "mytoken"
  }
}

After running the apply command I get the following error:

Unable to create server client for remote "station-01": Get "https://100.127.136.39:9443/1.0": tls: failed to verify certificate: x509: certificate is valid for 127.0.0.1, ::1, not 100.127.136.39

I tried to debug this a bit but I didn’t get anywhere.

Here’s part of the output of the incus info command:

...
environment:
  addresses:
  - 192.168.1.110:9443
  - '[fd5d:4a02:6f40:4da5:8669:93ff:fe71:b554]:9443'
  - '[fd5d:4a02:6f40:4da5:fe0d:fa1e:5ddc:a76c]:9443'
  - 100.127.136.39:9443
  - '[fd7a:115c:a1e0::9834:8827]:9443'
  - 10.165.167.1:9443
...

And here’s some info from the certificate:

> openssl x509 -in /var/lib/incus/server.crt -text -noout | grep -A1 "Subject Alternative Name"
            X509v3 Subject Alternative Name:
                DNS:station-01, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1

I guess that the certificate wasn’t generated to accept connections from anywhere besides localhost. I’ve deleted the certificate and forced its regeneration, but it looks like the issue is still the same.

Am I missing something or doing something wrong?

Thank you in advance,

Miguel
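The mismatch reported in the error above, reproduced as an added example (not part of the original post, and not code from Incus or the Terraform provider): it parses the SAN line printed by openssl and checks which of the hosts from the post the certificate covers. The function names are hypothetical, and the certificate is assumed to contain no wildcard DNS entries.

```python
import ipaddress

# SAN line copied from the openssl output in the post above.
SAN_LINE = "DNS:station-01, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1"


def parse_san(line):
    """Split an openssl-style SAN line into DNS names and IP addresses."""
    dns_names, ips = [], []
    for entry in line.split(","):
        # Split on the first ':' only, so IPv6 values keep their colons.
        kind, _, value = entry.strip().partition(":")
        if kind == "DNS":
            dns_names.append(value.lower())
        elif kind == "IP Address":
            # ip_address() normalises 0:0:0:0:0:0:0:1 to ::1.
            ips.append(ipaddress.ip_address(value))
    return dns_names, ips


def san_covers(line, host):
    """Return True if `host` matches a SAN entry of the right type.

    An IP literal is compared only with IP Address entries and a name only
    with DNS entries, as in standard TLS hostname verification.
    Assumption: no wildcard DNS entries are present.
    """
    dns_names, ips = parse_san(line)
    try:
        target = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal, so treat it as a DNS name.
        return host.lower().rstrip(".") in dns_names
    return target in ips


if __name__ == "__main__":
    # Hosts taken from the post: the Terraform address, other listen
    # addresses from `incus info`, and the names the certificate carries.
    for host in ("100.127.136.39", "192.168.1.110", "10.165.167.1",
                 "127.0.0.1", "::1", "station-01"):
        verdict = "covered" if san_covers(SAN_LINE, host) else "NOT covered"
        print(f"{host:<16} {verdict}")
```

The address in the provider block is an IP literal, so the `DNS:station-01` entry cannot satisfy it; only an `IP Address` entry for 100.127.136.39 would.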

There’s some ongoing work to rework the remote mechanism in the terraform provider so this will hopefully get cleaned up soon.

The way I generally do it is by using incus remote add to add the remote to the Incus CLI, then just refer to that remote from within the terraform config rather than define the remote in the terraform config.

@stgraber Thank you very much for the help, this worked perfectly and I’m now able to access Incus through Terraform.

Here are the steps I took in case someone faces the same issue:

  • Installed the incus-client package on my client machine.
  • Added the remote using: incus remote add <remote> <ip>:<port>
  • Made the new remote the default: incus remote switch <remote>
  • Updated the provider block in Terraform to look like the following:
provider "incus" {

}

After this everything worked and I was able to connect to Incus without any issues.