[lxc-users] lxc exec / list: x509: certificate has expired or is not yet valid
Tomasz Chmielewski
mangoo at wpkg.org
Thu Jun 2 13:16:43 UTC 2016
On 2016-06-02 21:09, Tomasz Chmielewski wrote:
> Not sure what's the procedure for this one:
>
> # lxc list
> error: Get https://10.0.0.1:8443/1.0/containers?recursion=1: x509:
> certificate has expired or is not yet valid
Apparently LXD sets up a certificate with 1 year validity when
installed, but provides no mechanism to automatically update it. And can
be a big surprise after a year :|
Also, don't see the CSR file there?
So... what is the correct procedure to update the certificate on LXD
server and make sure it's still accepted by LXD clients?
# ls /var/lib/lxd/server.* -l
-rw-r--r-- 1 root root 1834 Jun 3 2015 /var/lib/lxd/server.crt
-rw------- 1 root root 3247 Jun 3 2015 /var/lib/lxd/server.key
# openssl x509 -text -noout -in server.crt
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
34:f0:eb:8c:3f:76:f0:db:21:01:5d:34:1c:cd:f0:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: O=linuxcontainer.org
Validity
Not Before: Jun 3 06:33:15 2015 GMT
Not After : Jun 2 06:33:15 2016 GMT
Subject: O=linuxcontainer.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
(...)
Tomasz Chmielewski
http://wpkg.org
More information about the lxc-users
mailing list