Disabling random sleep of certbot


#1

It seems recent versions of certbot include a random sleep when executing certbot renew in non-interactive mode, such as when it is run from cron. Is there any way to disable it?


#2
--no-random-sleep-on-renew

#3

The “sleeping” is there for a reason.
Why do you need to remove it?


#4

Thanks. It’s just what I want to know.


#5

One typical case where certbot renew is executed in non-interactive mode is when it is executed as one of the daily/weekly/monthly periodic jobs. But recent versions of FreeBSD have an anti-congestion feature in which only one random sleep is executed while executing all of the periodic jobs. In this case that is enough to avoid congestion for any of the periodic jobs, and executing a random sleep is pointless. Another case is executing certbot renew as a single cron job on a single host. In this case the administrator of the host can specify any time at which certbot renew is executed. And it is totally meaningless to execute a random sleep in this case.


#6

I believe this particular sleep is to distribute the workload on the CA side (to stop the :00 rush), rather than your machine.

I think the intention is that this flag is meant to be used by package maintainers. So the FreeBSD maintainer for Certbot might take advantage of it, so that you don’t need to worry about using it.


#7

If I set up a cron job so that certbot renew is executed at 5:23 AM each Saturday, what is the benefit to the CA site of a random sleep being executed on my host?


#8

Well, you’re right of course, but Certbot is written for many platforms and I guess they thought it was a sane default for the majority. Maybe you can reach out to the FreeBSD maintainer to ask about adding this flag by default for your platform.


#9

OK, I agree with you. I think whether or not the random sleep is executed by default is not so important. So as long as the --no-random-sleep-on-renew option is provided, I don’t request a change to the default.


#10

To me, the main point of the sleep is so that the default (which is what the majority uses) doesn’t overload the CA.
The average user will not change the default (when it works).
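
Added example (not part of the thread, and not Certbot's own code): a small simulation of the ":00 rush" argument from posts #6 and #10, comparing the CA's busiest second with and without a client-side random sleep. The host count, the share of hosts scheduled at minute 0, and the 480-second sleep window are constructed values chosen for illustration.

```python
import random
from collections import Counter

# Assumption: upper bound of the random sleep in seconds (illustrative value,
# the thread does not state the window Certbot uses).
SLEEP_WINDOW_S = 480


def arrival_times(hosts, top_of_hour_share, jitter_s, rng):
    """Return the second-of-hour at which each host contacts the CA.

    hosts: number of hosts renewing in this hour (constructed)
    top_of_hour_share: fraction whose cron job fires at minute 0
    jitter_s: maximum random sleep before the request; 0 models
              running with --no-random-sleep-on-renew
    """
    times = []
    for _ in range(hosts):
        if rng.random() < top_of_hour_share:
            start = 0                        # default-style schedule at :00
        else:
            start = rng.randrange(60) * 60   # admin-chosen minute
        delay = rng.uniform(0, jitter_s) if jitter_s else 0
        times.append(int(start + delay))
    return times


def peak_per_second(times):
    """Largest number of requests landing in the same second."""
    return max(Counter(times).values())


def compare(hosts=60000, top_of_hour_share=0.5, seed=1):
    """Return (peak without sleep, peak with sleep) for the same population."""
    no_sleep = peak_per_second(
        arrival_times(hosts, top_of_hour_share, 0, random.Random(seed)))
    with_sleep = peak_per_second(
        arrival_times(hosts, top_of_hour_share, SLEEP_WINDOW_S,
                      random.Random(seed)))
    return no_sleep, with_sleep


if __name__ == "__main__":
    no_sleep, with_sleep = compare()
    print(f"peak requests/second without sleep: {no_sleep}")
    print(f"peak requests/second with sleep:    {with_sleep}")
```

A single host scheduled at an arbitrary minute adds one request to whichever second it lands in either way, which is the case raised in posts #5 and #7; the difference comes from the many hosts that share the same default schedule.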

