ACME renewal works on standby node not active node

MSP Toolkit
Minimal guidance for messy support realities.
Submitted by Anonymous (not verified) on

Scenario

A clustered or load-balanced service renews properly on one node, but the active node keeps failing ACME challenges.

Recommended Resolution Path

  1. Compare challenge path handling, DNS resolution, and local firewall rules between nodes.
  2. Check whether the load balancer sends validation traffic consistently to the wrong backend.
  3. Test HTTP or DNS challenge reachability from outside the environment.
  4. If cluster design complicates renewal, centralize issuance rather than patching each node differently.

Technician Notes

Document what changed, what confirmed the fix, and whether the issue points to a broader standards gap worth addressing for the client.

Subjects
Security & Continuity
Certificates