Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
High availability
»
ACME Client does not sync
« previous
next »
Print
Pages: [
1
]
Author
Topic: ACME Client does not sync (Read 949 times)
anomaly0617
Jr. Member
Posts: 50
Karma: 0
ACME Client does not sync
«
on:
March 25, 2024, 01:28:35 am »
Has anyone mentioned that the ACME client does not stay synchronized together with HA?
I see where some settings come over, but specifically certificates are not being copied, so if one server has the certificates and the other doesn't, when they flip-flop, suddenly a bunch of sites come up with non-existant/expired certificates. This is happening using the HAProxy Reverse Proxy solution. HAProxy is sync'ing up, but ACME-Client isn't.
Logged
franco
Administrator
Hero Member
Posts: 17656
Karma: 1610
Re: ACME Client does not sync
«
Reply #1 on:
April 29, 2024, 01:16:11 pm »
acme-client can't run in HA mode.. it's just two separate instances creating certificates independently. I reckon this is going to be an issue syncing other configuration and mismatching on these different certificate pools.
https://github.com/opnsense/plugins/blob/master/security/acme-client/src/etc/inc/plugins.inc.d/acmeclient.inc#L83-L87
Cheers,
Franco
Logged
Monviech (Cedrik)
Global Moderator
Hero Member
Posts: 1593
Karma: 176
Re: ACME Client does not sync
«
Reply #2 on:
April 29, 2024, 01:21:58 pm »
Caddy can do that.
https://docs.opnsense.org/manual/how-tos/caddy.html#caddy-and-high-availability-setups
It can issue certificates on master and backup OPNsense automatically at the same time.
Logged
Hardware:
DEC740
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
High availability
»
ACME Client does not sync