On PBXact 15 configured with warm spare, the trunks require TLS, so on both primary and spare (which have different trunk configurations), in Asterisk SIP Settings → PJSIP, TLS is configured and a certificate is selected.
The backup config on the primary excludes the Certificate Management module, Asterisk SIP Settings module, and has “Exclude CERTIFICATE Settings” set to yes.
Yet, after each warm spare backup/restore cycle, the PJSIP TLS setup reverts to this:
What is causing the certificate to be un-selected?
The result of this is that connections initiated to the warm spare are dropped. When there is a problem with the primary network and the warm spare is in service, we have to log in to it and select the certificate and reload, making this more of a luke-warm spare.