
I've set up an ejabberd cluster with 2 nodes. I have set up the ACME top-level option, and the value of ca_url is set to the default Let's Encrypt URL. I have also configured a listener on port 5280, redirected from port 80, for the ACME challenge.

I have set up SRV records for my vhosts. I couldn't find any documentation regarding ACME in cluster mode.

  1. Do both the nodes need to have the same certificates?
  2. If I add a vhost and perform reload_config, will it request a certificate for the new host or do I have to restart?
  3. What is the correct way to set up SRV records for cluster mode?

1 Answer


I have almost no experience with ACME, or ACME in ejabberd, so I'll give just some ideas that you will have to check yourself:

  1. Do both the nodes need to have the same certificates?

I'd say yes.

  2. If I add a vhost and perform reload_config, will it request a certificate for the new host or do I have to restart?

Looking at ejabberd_acme.erl, when reload_config is executed, register_certfiles() is executed as if ejabberd were started. So I'd say yes.

Badlop
  • Thank you for your answer. If both the nodes require the same certificates, we cannot really automate this using ejabberd_acme for cluster mode with the nodes running on different instances, right? (Apart from sending the issued certificate from one machine to another) – Daniyal Abbasi Jun 16 '20 at 12:13
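
The single-node setup described in the question, written out as an ejabberd.yml fragment. This is an added example, not configuration posted by either participant; the host name and contact address are placeholders, and the port 80 to 5280 redirect is assumed to be done outside ejabberd.

```yaml
# Added example: ejabberd.yml fragment for the ACME setup the question describes.
# example.org and the mailto address are placeholders, not values from the thread.

hosts:
  - example.org            # each vhost listed here is a name ACME requests a certificate for

acme:
  # Default Let's Encrypt production directory, as mentioned in the question.
  ca_url: https://acme-v02.api.letsencrypt.org/directory
  contact:
    - mailto:admin@example.org
  auto: true               # request certificates automatically for configured hosts

listen:
  -
    # Plain-HTTP listener that answers the HTTP-01 challenge.
    # The CA connects to port 80, so port 80 must reach this listener
    # (the question does this with a redirect from 80 to 5280).
    port: 5280
    module: ejabberd_http
    tls: false
    request_handlers:
      /.well-known/acme-challenge: ejabberd_acme
```

The HTTP-01 challenge is answered by whichever node receives the CA's request on port 80, so in a cluster the redirect has to point at the node that issued the certificate request.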