Using TimeStampSigner in the Cloud
For the Time Stamp Signer, the Minimum run time is set to 60000 (1 min) on the AMI. That means that the monitor will only be in sync for a short window once per minute. For the monitor to stay in sync, it is required to reduce the minimum run time to 500. Additionally, increasing the Status expire time from 900 to 9000 ms is also be needed.
By configuring the Time Stamp Signer to rely on the monitor with the default settings, signings will fail when the monitor reports not in sync. It is configured like this by default to avoid spamming the AWS or Azure internal NTP servers.
For more information, refer to the SignServer documentation on Time Stamp Signer and TimeMonitorManager.