Disabling random sleep of certbot

yasu · January 18, 2019, 9:09pm

It seems recent version of certbot includes random sleep when executing certbot renew with non-interactive mode such as executing from cron. Are there any way to disabling it?

_az · January 18, 2019, 9:14pm

--no-random-sleep-on-renew

rg305 · January 18, 2019, 9:37pm

The “sleeping” is there for a reason.
Why do you need to remove it?

yasu · January 18, 2019, 10:04pm

Thanks. It’s just what I want to know.

yasu · January 18, 2019, 10:26pm

One of typical case that certbot renew is executed with non-interactive mode is that it is executes as one of daily/weekly/monthly periodic jobs. But recent version of FreeBSD has anti-congestion feature that only one time of random sleep is executed while executing all of periodic jobs. In this case it is enough for avoiding congestion of any of periodic jobs and executing random sleep is pointless. Another case is executing certbot renew as a single jobs of cron on single host. In this case administrator of the host can specify any timing that certbot renew is executed. And it is totally meaningless to execute random sleep in this case.

_az · January 18, 2019, 10:28pm

I believe this particular sleep is to distribute the workload on the CA side (to stop the :00 rush), rather than your machine.

I think the intention is that this flag is meant to be used by package maintainers. So the FreeBSD maintainer for Certbot might take advantage of it, so that you don’t need to worry about using it.

yasu · January 18, 2019, 10:33pm

If I set up cron jobs so certbot renew is executed at 5:23 AM of each Saturday. What is the benefit of CA site that random sleep is executed on my host?

_az · January 18, 2019, 10:34pm

Well, you’re right of course, but Certbot is written for many platforms and I guess they thought it was a sane default for the majority. Maybe you can reach out to the FreeBSD maintainer to ask about adding this flag by default for your platform.

yasu · January 18, 2019, 10:40pm

OK, I agree with you. I think whether or not random sleep is executed by default is not so important. So as log as --no-random-sleep-on-renew options is provided I don’t request to change default about it.

rg305 · January 18, 2019, 11:01pm

To me, the main point of the sleep is so that the default (which is what the majority uses) doesn’t overload the CA.
The average user will not change the default (when it works).

system · February 17, 2019, 11:01pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.