[Letsencrypt-devel] Bug#833453: systemd timer option RandomizedDelaySec not available on debian jessie

Lorenzo Felice Cameroni lorenzo.cameroni at gmail.com
Mon Nov 7 14:30:35 UTC 2016

I've just found that after upgrading certbot to version 0.9.3-1~bpo8+1
on debian jessie (installed from backports) there is no more a random
delay before executions of the automatic renew attempts.
This can cause overload (and eventually DDoS) of LetsEncrypt servers.

systemctl status certbot.timer reports the following:
[/lib/systemd/system/certbot.timer:6] Unknown lvalue
'RandomizedDelaySec' in section 'Timer'

This is caused by the option "RandomizedDelaySec" being available on
systemd >= 229 (see
), but the available version in jessie (according to
https://packages.debian.org/search?keywords=systemd ) is 215, although
version 230 is available in jessie-backports.

I can suggest two fix:
- add a versioned dependency on certbot to systemd >= 229
- do not use systemd timer on jessie-backport and use cron


Lorenzo Cameroni

More information about the Letsencrypt-devel mailing list