Re-add remote after certificates have expired and renewed

Hi,

I have several Ubuntu 22.04 servers running with LXD/6 (via Snap). The certificates of my LXD instances have expired and I have created new ones with:

I reloaded the lxd daemon and I get the correct expiration dates.

But when I try to add the remote server again, it asks for a token (that I create with ‘lxc config trust add --name ’) but then I get:

Error: The provided certificate is expired

What could be wrong?

@heinsaris you probably need to remove the old certificates, they are usually saved under ~/snap/lxd/common/config/servercerts/

Another way to do this is to lxc remote remove the corresponding remote before consuming a fresh token.

Hi Simon,

Thank you for your response. I have found the cause of the problem. Not only were the server certificates expired, but also (some of) the client certificates. But not all of them. So for some servers I managed to add the remotes again, and for some not. The "Error: The provided certificate is expired" was not for the server certificate (which I just renewed for another ten years), but the client certificate of the client for which I tried to add a remote.

What needs to be done when you get the above error is remove the client certificate on the client machine which can be found in ~/snap/lxd/common/config/. Both client.crt and client.key must be removed (or renamed) and then when you call lxc remote add it will generate a new client certificate.

So if your lxd server certificate expires, also check the client certificates and renew them too when needed.

Once I figured this out everything went smoothly.
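The check recommended in the last post (look at the client certificate as well as the cached server certificates), as an added example that is not part of the thread or of LXD's own tooling. It assumes the `openssl` CLI is installed and that cached remote certificates are stored as `*.crt` files under `servercerts/`; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: report LXD client-side certificates that are expired or
# about to expire. Paths follow the thread (~/snap/lxd/common/config).

# cert_status FILE [WINDOW_SECONDS]   (hypothetical helper)
# Returns 0 if FILE stays valid past the window, 1 if it is expired or
# expires within the window, 2 if it is missing or not a parseable certificate.
cert_status() {
    local file="$1" window="${2:-0}"
    [ -r "$file" ] || return 2
    openssl x509 -noout -in "$file" >/dev/null 2>&1 || return 2
    openssl x509 -noout -checkend "$window" -in "$file" >/dev/null 2>&1 || return 1
    return 0
}

# check_lxd_config DIR [WINDOW_SECONDS]   (hypothetical helper)
# Checks DIR/client.crt and every certificate in DIR/servercerts/
# (the *.crt naming is an assumption). Prints one line per certificate and
# returns 1 if any is expired, expiring or unreadable.
check_lxd_config() {
    local dir="$1" window="${2:-0}" rc=0 f st
    for f in "$dir/client.crt" "$dir"/servercerts/*.crt; do
        [ -e "$f" ] || continue   # unmatched glob or absent file
        st=0
        cert_status "$f" "$window" || st=$?
        case $st in
            0) echo "OK         $f ($(openssl x509 -noout -enddate -in "$f"))" ;;
            1) echo "EXPIRING   $f ($(openssl x509 -noout -enddate -in "$f"))"; rc=1 ;;
            *) echo "UNREADABLE $f"; rc=1 ;;
        esac
    done
    return $rc
}

# Run only when asked: ./script --check [DIR] [WINDOW_SECONDS]
if [ "${1:-}" = "--check" ]; then
    check_lxd_config "${2:-$HOME/snap/lxd/common/config}" "${3:-0}"
fi
```

A window of `2592000` (30 days) flags certificates before they expire rather than after `lxc remote add` has already failed.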
