    ACME certificates not syncing with backup node

    • S
      sshami last edited by

      Hi gentlemen out there,
      I have a setup for pfSense in HA/SYNC cluster mode (Master and Backup) with CARP VRRP configured.
      Sync is working fine with HAProxy and others like FW rules: if we create a rule on the Master node, such as an HAProxy frontend, it immediately replicates to the backup node. This is fine, as expected.
      But when it comes to an ACME certificate, after creating it on the Master it's not replicating to the Backup automatically and I see nothing on the backup side.

      If I go to the Master node and look at System > High Avail. sync > Select options to sync, the Certificate option is checked already.

      On both nodes, the HAProxy and ACME packages are installed!

      Thanks in advance!

      • MrPete
        MrPete @sshami last edited by

        @sshami I am seeing the exact same issue.

        1. Have you solved this?

        2. Does anybody have ideas for diagnosing this?

        • S
          sshami @MrPete last edited by

          @mrpete
          The solution is in the HA mode: you have to install the ACME package only on the Master node, not on the backup node.
          On Master node > System > High Avail. sync > Select options to sync > Certificate option checked

          Once the certificate is created on the Master, you can find the certificate on the Backup node here: System > Cert Manager > Certificates

          So basically, in case the Master goes down, the Backup node manages certificate requests for clients only; this node can't create/issue certificates.

            • MrPete
              MrPete @sshami last edited by

              @sshami
              Actually, it is not syncing at the Cert manager level either. :(

              Maybe having ACME installed on Secondary causes trouble for Cert manager sync???

              I'll do some testing...

              • JeGr
                JeGr LAYER 8 Moderator @sshami last edited by

                @sshami said in ACME certificates not syncing with backup node:

                The solution is in the HA mode: you have to install the ACME package only on the Master node, not on the backup node.

                @mrpete said in ACME certificates not syncing with backup node:

                Maybe having ACME installed on Secondary causes trouble for Cert manager sync???

                That literally IS what @sshami already wrote ;)
                If you have ACME stuff that you want replicated, only install the ACME package on the primary node, NOT on the secondary one, and let the certs sync normally via HA instead of having two packages battle it out :)

                Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

                If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.
