Updated SSL certificates are not propagated to other cluster nodes (#911)
Closed
wojciech.kapcia@tigase.net opened 7 years ago

Build on sure.im:

Name:	Tigase
Version:	8.0.0-SNAPSHOT-b5110/b24cc287(2017-12-21/14:18:20)
Os:	Linux-amd64-3.5.0-23-generic, Java HotSpot(TM) 64-Bit Server VM-25.152-b16-Oracle Corporation

Doesn't propagate certificate to other nodes while updating via ad-hoc

xmpp-test.info.pem

Andrzej Wójcik (Tigase) commented 7 years ago

I've identified the issue in SSLCertificateAdd.groovy but decided to remove cluster support from this script and moved it directly to CertificateContainer. The new solution is based on EventBus.

wojciech.kapcia@tigase.net commented 7 years ago

I've run a simple test on our test installation (node1/node2.xmpp-test.net, vhost xmpp-test.info [had to refresh it...]) and it doesn't seem to work.

Latest nightly:

http://build.tigase.org/nightlies/dists/2018-01-15/tigase-server-8.0.0-SNAPSHOT-b5116-dist-max.tar.gz

installed to

/home/tigase/tigase-server-8.0.0-SNAPSHOT-b5116

and started using:

tigase@node1:~/tigase-server-8.0.0-SNAPSHOT-b5116$ ./scripts/tigase.sh start etc/tigase.conf

Reports correct version

==========
STARTED Tigase Mon Jan 15 09:23:00 EST 2018 using:
    ./scripts/tigase.sh start etc/tigase.conf
==========
componentInfo{Title=Tigase XML Tools, Version=4.0.0-SNAPSHOT-b262/92c6bcf6(2018-01-15/01:47:03), Class=tigase.xml.XMLUtils}
componentInfo{Title=Tigase Utils, Version=4.0.0-SNAPSHOT-b365/ba951236(2018-01-15/01:47:54), Class=tigase.util.ClassUtil}
componentInfo{Title=Tigase XMPP Server, Version=8.0.0-SNAPSHOT-b5116/316d3a61(2018-01-15/02:51:51), Class=tigase.server.XMPPServer}

This matches the updated code, admin script code looks ok. Nodes' time is different but the cluster works just fine (we fixed the issue with different zones a while back).

Steps taken:

  • connect to both accounts - we have a self-signed cert generated on both machines;

  • update the certificate on one node (node1, with the generated, attached Let's Encrypt cert);

  • node1 had updated the certificate and saved it to disk;

  • node2 continued with the auto-generated, self-signed certificate; the file on disk wasn't updated either.
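
A check for the outcome these steps describe, added here as an example (it is not part of the issue thread or of Tigase's code): compare the SHA-256 fingerprint of the leaf certificate each cluster node holds for a vhost and report nodes that differ from the node where the update was made. The PEM contents are constructed sample data, and treating the first CERTIFICATE block in the file as the leaf is an assumption.

```python
import base64
import hashlib

HEADER = "-----BEGIN CERTIFICATE-----"
FOOTER = "-----END CERTIFICATE-----"

def _pem(der: bytes) -> str:
    """Wrap bytes in PEM armour. Used only to build constructed sample data."""
    return f"{HEADER}\n{base64.encodebytes(der).decode('ascii')}{FOOTER}\n"

def leaf_fingerprint(pem_text: str) -> str:
    """SHA-256 of the DER bytes of the first CERTIFICATE block.

    Assumption: the leaf certificate comes first; a key or chain
    certificates later in the same file are ignored.
    """
    begin = pem_text.index(HEADER) + len(HEADER)
    end = pem_text.index(FOOTER, begin)
    der = base64.b64decode("".join(pem_text[begin:end].split()))
    return hashlib.sha256(der).hexdigest()

def find_stale_nodes(updated_node: str, pem_by_node: dict) -> dict:
    """Map each node whose leaf differs from updated_node's to its fingerprint.

    A node with no parsable certificate is reported with fingerprint None.
    """
    expected = leaf_fingerprint(pem_by_node[updated_node])
    stale = {}
    for node, pem in pem_by_node.items():
        try:
            fingerprint = leaf_fingerprint(pem)
        except ValueError:  # missing armour or invalid base64
            fingerprint = None
        if fingerprint != expected:
            stale[node] = fingerprint
    return stale

# Constructed stand-ins for the vhost PEM held by each node after the update.
NEW_CERT = _pem(b"constructed: CA-issued certificate for xmpp-test.info")
OLD_CERT = _pem(b"constructed: auto-generated self-signed certificate")
CHAIN = _pem(b"constructed: intermediate CA certificate")
SAMPLE = {"node1": NEW_CERT + CHAIN, "node2": OLD_CERT}

if __name__ == "__main__":
    for node, fingerprint in find_stale_nodes("node1", SAMPLE).items():
        print(f"{node}: certificate not propagated (sha256={fingerprint})")
```
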

Andrzej Wójcik (Tigase) commented 7 years ago

My fix was working properly, however, it was based on EventBus and events being fired across the cluster which was failing to subscribe in some cases (worked in one-way). So as I was testing it was working fine as I connected to the newest cluster node for testing, but it failed for you as you connected to the oldest one. This issue was fixed in #6598.

Type:	Bug
Priority:	Major
Assignee:
RedmineID:	6574
Version:	tigase-server-8.0.0
Spent time:	38h 45m
Reference:	tigase/_server/server-core#911