[Letsencrypt-devel] Bug#843607: systemd timer option RandomizedDelaySec not available on debian jessie

Lorenzo Felice Cameroni lorenzo.cameroni at gmail.com
Wed Nov 9 15:33:00 UTC 2016


(Originally posted on
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833453#15 )

I've just found that after upgrading certbot to version 0.9.3-1~bpo8+1
on Debian jessie (installed from backports) there is no longer a random
delay before execution of the automatic renewal attempts.
This can cause overload (and eventually DDoS) of LetsEncrypt servers.

systemctl status certbot.timer reports the following:
[/lib/systemd/system/certbot.timer:6] Unknown lvalue 'RandomizedDelaySec' in section 'Timer'

This is caused by the option "RandomizedDelaySec" being available on
systemd >= 229 (see
https://github.com/systemd/systemd/commit/6182e51efa30851849901b70b9128bb07adf0418#diff-fe53d16e13f390594bfad5ef06bf984a
), but the available version in jessie (according to
https://packages.debian.org/search?keywords=systemd ) is 215, although
version 230 is available in jessie-backports.

I can suggest two fixes:
- add a versioned dependency on certbot to systemd >= 229
- do not use systemd timer on jessie-backport and use cron

Sincerely

Lorenzo Cameroni
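
Added example, not part of the original post or of the certbot package: a shell check that reports whether a timer unit's RandomizedDelaySec= setting is honoured or silently ignored by the running systemd, using the 229 threshold and the unit path given in the report. The function names, status words and sample unit text are constructed for illustration.

```shell
#!/bin/sh
# Added example: not part of the original post or of the certbot package.
# 229 is the minimum systemd version for RandomizedDelaySec= given in the post.
MIN_VERSION=229
UNIT_PATH=/lib/systemd/system/certbot.timer   # path from the post's log line

# Constructed sample unit (NOT the packaged file), used when run offline.
SAMPLE_UNIT='[Unit]
Description=Constructed sample timer

[Timer]
OnCalendar=*-*-* 00,12:00:00
RandomizedDelaySec=3600

[Install]
WantedBy=timers.target'

# Numeric version from the first line of `systemctl --version` output,
# e.g. "systemd 215" -> 215.
systemd_version() {
    printf '%s\n' "$1" | sed -n '1s/^systemd \([0-9][0-9]*\).*/\1/p'
}

# Value of RandomizedDelaySec= inside [Timer] in the unit text on stdin.
timer_random_delay() {
    awk '/^[ \t]*\[/ { in_timer = ($0 ~ /^[ \t]*\[Timer\]/); next }
         in_timer && /^[ \t]*RandomizedDelaySec[ \t]*=/ {
             sub(/^[^=]*=[ \t]*/, ""); val = $0 }
         END { if (val != "") print val }'
}

# check_timer VERSION_OUTPUT UNIT_TEXT -> prints one status word.
check_timer() {
    ver=$(systemd_version "$1")
    delay=$(printf '%s\n' "$2" | timer_random_delay)
    if [ -z "$ver" ]; then echo unknown-version
    elif [ -z "$delay" ]; then echo no-delay-configured
    elif [ "$ver" -lt "$MIN_VERSION" ]; then echo ignored
    else echo effective
    fi
}

# On a real host, check the installed unit; otherwise show the jessie case.
if command -v systemctl >/dev/null 2>&1 && [ -r "$UNIT_PATH" ]; then
    check_timer "$(systemctl --version)" "$(cat "$UNIT_PATH")"
else
    check_timer "systemd 215" "$SAMPLE_UNIT"
fi
```

A result of "ignored" corresponds to the situation in the report: the directive is present in the unit but the installed systemd is older than 229, so renewals fire without jitter.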


