canonical/lxd

Feature request: update-certificate for standalone nodes

Opened this issue · 0 comments

LXD Cluster members have a nice built-in method to update certificates:
https://documentation.ubuntu.com/lxd/en/latest/reference/manpages/lxc/cluster/update-certificate/

lxc cluster update-certificate /path/to/fullchain.pem /path/to/privkey.pem

Unfortunately the current method for standalone LXD hosts is to do it manually:

  • copy your certificate to /var/snap/lxd/common/lxd/server.crt
  • copy key to /var/snap/lxd/common/lxd/server.key
  • systemctl reload snap.lxd.daemon.service

I would like to request this feature be similar for both standalone and clusters, for example:

lxc config update-certificate /path/to/fullchain.pem /path/to/privkey.pem

Previously not as important, but now with the Web UI here I think this is a nice and simple feature to keep the same across both standalone and clustered hosts.