Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    ACME certificates not syncing with backup node

    Scheduled Pinned Locked Moved ACME
    6 Posts 3 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sshami
      last edited by

      Hi gentlemen out there,
      I have setup for Pfsense in HA/SYNC cluster mode (Master and Backup) with CARP vrrp configured.
      Sync is working fine with HAProx and others like FW rules, it we create a rule on Master node HAProxy like fronted and it immediately replicate to backup node, this is fine as expected.
      But when comes to ACME certificate, after creating on Master it's not replicating to Backup automatically and i see nothing on backup side.

      If i go to Master node and see System > High Avail. sync > Select options to sync > Certificate option is checked already.

      On both nodes HAProxy and ACME packages are installed!

      Thanks in advance!

      MrPeteM 1 Reply Last reply Reply Quote 1
      • MrPeteM
        MrPete @sshami
        last edited by

        @sshami I am seeing the exact same issue.

        1. Have you solved this?

        2. Does anybody have ideas for diagnosing this?

        S 1 Reply Last reply Reply Quote 0
        • S
          sshami @MrPete
          last edited by

          @mrpete
          The solution is in the HA mode, you have to install ACME package only on Master node not on the backup node.
          On Master node > System > High Avail. sync > Select options to sync > Certificate option checked

          Once certificate is created on Master, you can find certificate on Backup node here > System > Cert Manager > Certificates

          So basically in case if Master goes down, Backup node manage certificate request for client only this node can't create/issue certificates.

          MrPeteM JeGrJ 3 Replies Last reply Reply Quote 1
          • MrPeteM
            MrPete @sshami
            last edited by

            This post is deleted!
            1 Reply Last reply Reply Quote 0
            • MrPeteM
              MrPete @sshami
              last edited by

              @sshami
              Actually, it is not syncing at the Cert manager level either. :(

              Maybe having ACME installed on Secondary causes trouble for Cert manager sync???

              I'll do some testing...

              1 Reply Last reply Reply Quote 0
              • JeGrJ
                JeGr LAYER 8 Moderator @sshami
                last edited by

                @sshami said in ACME certificates not syncing with backup node:

                The solution is in the HA mode, you have to install ACME package only on Master node not on the backup node.

                @mrpete said in ACME certificates not syncing with backup node:

                Maybe having ACME installed on Secondary causes trouble for Cert manager sync???

                That literally IS what @sshami already wrote ;)
                If you have ACME stuff that you want replicated, only install ACME package on the primary node, NOT on the secondary one and let the certs sync normally via HA instead of having two packages battle it out :)

                Don't forget to upvote πŸ‘ those who kindly offered their time and brainpower to help you!

                If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

                1 Reply Last reply Reply Quote 1
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.