Unable To Configure Multiple Domains Through ACME on IncusOS Clusters

Dylan_Sumser · February 12, 2026, 12:42pm

Hello everyone!

For my IncusOS cluster, I’m trying to uniquely identify specific hosts via domain names. The main reason I want to do this is to that I can access a storage bucket hosted on a local ZFS storage pool on one of my hosts via https while having the certificates managed fully by IncusOS.

I was able to configure automatic certificate provisioning via Cloudflare using the ACME configuration variables. So far, however, I’ve only been able to get a single domain name to work. This domain is then the same for all hosts in my cluster. What I’ve tried so far is:

Using a wildcard certificate so that I can use DNS records to identify my hosts uniquely.
- This failed with the following log message:

[2026/02/11 13:31:32 -03] incusd: time=“2026-02-11T16:31:32Z” level=error msg=“Failed to notify other members about config change” err=“failed to notify peer 192.168.1.10:8443: open /tmp/lego87746405/certificates/*.incus.mydomain.com.crt: no such file or directory”

Using a comma separated string to request multiple domains for all certificates
- This failes with the following log message:

Config parsing error: failed to notify peer 192.168.1.10:8443: open /tmp/lego628645085/certificates/host1.incus.mydomain.com,host2.incus.mydomain.com.crt: no such file or directory

In both cased, the peer 192.168.1.10 is my cluster leader.

My current ACME config is:

  acme.agree_tos: "true"
  acme.challenge: DNS-01
  acme.domain: working.example.com
  acme.email: redacted@example.com
  acme.provider: cloudflare
  acme.provider.environment: CLOUDFLARE_DNS_API_TOKEN=REDACTED
  acme.provider.resolvers: 1.1.1.1:53,1.0.0.1:53

Looking at legos documentation, I believe it should be possible to support this, by passing in multiple domains:

GLOBAL OPTIONS:
   --domains value, -d value [ --domains value, -d value ]      Add a domain to the process. Can be specified multiple times.

What’s unclear to me is if this is currently supported and I’m just poorly formatting my inputs, or of this is currently unsupported by IncusOS generally.

Any clarity or help would be much appreciated. Thank you!

stgraber · February 12, 2026, 4:47pm

Neither of those options are currently supported by Incus.
But as you say, lego is generally fine with both of those so adding support shouldn’t be too difficult.

Feel free to file a feature request at Sign in to GitHub · GitHub

Dylan_Sumser · February 13, 2026, 1:44pm

Thank you for the clarification! I’ve created the feature request here.