Netgate Discussion Forum

ACME certificates not syncing with backup node

6 Posts 3 Posters 1.3k Views
  • S
    sshami
    last edited by May 12, 2021, 10:54 AM

    Hi gentlemen out there,
    I have a setup for pfSense in HA/SYNC cluster mode (Master and Backup) with CARP VRRP configured.
    Sync is working fine with HAProxy and others like FW rules: if we create a rule on the Master node in HAProxy, like a frontend, it immediately replicates to the backup node, which is fine as expected.
    But when it comes to the ACME certificate, after creating it on Master it's not replicating to Backup automatically and I see nothing on the backup side.

    If I go to the Master node and look at System > High Avail. sync > Select options to sync, the Certificate option is checked already.

    On both nodes HAProxy and ACME packages are installed!

    Thanks in advance!

    • M
      MrPete @sshami
      last edited by Sep 8, 2021, 7:04 PM

      @sshami I am seeing the exact same issue.

      1. Have you solved this?

      2. Does anybody have ideas for diagnosing this?

      • S
        sshami @MrPete
        last edited by Sep 8, 2021, 8:12 PM

        @mrpete
        The solution is that in HA mode you have to install the ACME package only on the Master node, not on the backup node.
        On Master node > System > High Avail. sync > Select options to sync > Certificate option checked

        Once the certificate is created on Master, you can find the certificate on the Backup node here: System > Cert Manager > Certificates

        So basically, in case the Master goes down, the Backup node manages certificate requests for clients only; this node can't create/issue certificates.

          • M
            MrPete @sshami
            last edited by Sep 8, 2021, 9:04 PM

            @sshami
            Actually, it is not syncing at the Cert manager level either. :(

            Maybe having ACME installed on Secondary causes trouble for Cert manager sync???

            I'll do some testing...

            • J
              JeGr LAYER 8 Moderator @sshami
              last edited by Sep 10, 2021, 8:01 AM

              @sshami said in ACME certificates not syncing with backup node:

              The solution is that in HA mode you have to install the ACME package only on the Master node, not on the backup node.

              @mrpete said in ACME certificates not syncing with backup node:

              Maybe having ACME installed on Secondary causes trouble for Cert manager sync???

              That literally IS what @sshami already wrote ;)
              If you have ACME stuff that you want replicated, only install ACME package on the primary node, NOT on the secondary one and let the certs sync normally via HA instead of having two packages battle it out :)

              Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

              If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.
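
For the diagnosis question raised in the thread, one way to confirm whether Cert Manager entries actually reached the secondary is to diff the certificate entries in a configuration backup taken from each node. This is an added example, not code from any poster or from pfSense; it assumes each backup holds `<cert>` entries directly under the root with `<refid>`, `<descr>` and a base64 `<crt>`, and the function names and sample data are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET


def cert_inventory(config_xml):
    """Map refid -> (descr, SHA-256 of cert). Assumes <cert> sits under the root."""
    inventory = {}
    for cert in ET.fromstring(config_xml).findall("cert"):
        refid = (cert.findtext("refid") or "").strip()
        blob = "".join((cert.findtext("crt") or "").split())
        try:
            raw = base64.b64decode(blob, validate=True)
        except ValueError:
            raw = blob.encode()  # undecodable: hash as stored, do not skip
        digest = hashlib.sha256(raw).hexdigest()
        inventory[refid] = ((cert.findtext("descr") or "").strip(), digest)
    return inventory


def compare_nodes(primary_xml, secondary_xml):
    """Report certificates the secondary lacks or holds in a different version."""
    pri, sec = cert_inventory(primary_xml), cert_inventory(secondary_xml)
    shared = pri.keys() & sec.keys()
    return {
        "missing_on_secondary": sorted(pri.keys() - sec.keys()),
        "differs_on_secondary": sorted(r for r in shared if pri[r][1] != sec[r][1]),
        "only_on_secondary": sorted(sec.keys() - pri.keys()),
    }


def _sample_config(certs):
    """Build a constructed config fragment (not a real backup)."""
    entries = "".join(
        f"<cert><refid>{refid}</refid><descr>{descr}</descr>"
        f"<crt>{base64.b64encode(pem.encode()).decode()}</crt></cert>"
        for refid, descr, pem in certs
    )
    return f"<pfsense>{entries}</pfsense>"


# Constructed sample data: refids, descriptions and cert bodies are made up.
PRIMARY = _sample_config([("aaa111", "webgui", "CERT-A"), ("ccc333", "acme-api", "CERT-C"),
                          ("bbb222", "acme-www", "CERT-B-renewed")])
SECONDARY = _sample_config([("aaa111", "webgui", "CERT-A"), ("bbb222", "acme-www", "CERT-B-old")])

if __name__ == "__main__":
    for finding, refids in compare_nodes(PRIMARY, SECONDARY).items():
        print(f"{finding}: {refids}")
```

A certificate listed under `differs_on_secondary` is the case that hurts after a failover: the entry exists on the backup, but it is not the version the primary currently holds.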
