ACME certificates not syncing with backup node
-
Hi gentlemen out there,
I have a setup for pfSense in HA/SYNC cluster mode (Master and Backup) with CARP VRRP configured.
Sync is working fine with HAProxy and others like FW rules: if we create a rule on the Master node in HAProxy, like a frontend, it immediately replicates to the backup node. This is fine, as expected.
But when it comes to the ACME certificate, after creating it on the Master it's not replicating to the Backup automatically and I see nothing on the backup side. If I go to the Master node and look at System > High Avail. sync > Select options to sync, the Certificate option is checked already.
On both nodes HAProxy and ACME packages are installed!
Thanks in advance!
-
@sshami I am seeing the exact same issue.
-
Have you solved this?
-
Does anybody have ideas for diagnosing this?
-
@mrpete
The solution is in the HA mode, you have to install ACME package only on Master node not on the backup node.
On Master node > System > High Avail. sync > Select options to sync > Certificate option checked
Once the certificate is created on Master, you can find the certificate on the Backup node here > System > Cert Manager > Certificates
So basically, in case the Master goes down, the Backup node manages certificate requests for clients only; this node can't create/issue certificates.
-
@sshami
Actually, it is not syncing at the Cert manager level either. :(
Maybe having ACME installed on Secondary causes trouble for Cert manager sync???
I'll do some testing...
-
@sshami said in ACME certificates not syncing with backup node:
The solution is in the HA mode, you have to install ACME package only on Master node not on the backup node.
@mrpete said in ACME certificates not syncing with backup node:
Maybe having ACME installed on Secondary causes trouble for Cert manager sync???
That literally IS what @sshami already wrote ;)
If you have ACME stuff that you want replicated, only install ACME package on the primary node, NOT on the secondary one and let the certs sync normally via HA instead of having two packages battle it out :)