Package: certbot
Version: 1.12.0-2
Severity: wishlist
Tags: patch

Dear Maintainer,

Upstream implemented a flag `--no-random-sleep-on-renew` for the use of
packagers - see https://github.com/certbot/certbot/issues/6596

The current behaviour leaves the systemd service 'activating' for 5+ mins
while the random sleep is taking place. We monitor for this state because it's
often a sign of failure of services. It's not necessary for this due to the
RandomizedDelaySec in the systemd timer itself.

It would be good to implement this option so that the service doesn't get
stuck activating for a long period of time and so I've attached a patch.

Thanks,
Dan

-- System Information:
Debian Release: 11.6
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-21-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages certbot depends on:
ii  debconf [debconf-2.0]  1.5.77
ii  python3                3.9.2-3
ii  python3-certbot        1.12.0-2

certbot recommends no packages.

Versions of packages certbot suggests:
pn  python-certbot-doc      <none>
pn  python3-certbot-apache  <none>
pn  python3-certbot-nginx   <none>

-- debconf information excluded
>From 7be2e1fff7a48bdf6647259f37a09218c24c90bc Mon Sep 17 00:00:00 2001 From: Dan Poltawski <dan.poltaw...@tnp.net.uk> Date: Thu, 6 Apr 2023 10:30:30 +0100 Subject: [PATCH 1/1] systemd: prevent randomised timer in certbot renew This is already being handled by RandomizedDelaySec in the timer --- debian/certbot.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/certbot.service b/debian/certbot.service index d5e13f2..bd4f95b 100644 --- a/debian/certbot.service +++ b/debian/certbot.service @@ -4,5 +4,5 @@ Documentation=file:///usr/share/doc/python-certbot-doc/html/index.html Documentation=https://certbot.eff.org/docs [Service] Type=oneshot -ExecStart=/usr/bin/certbot -q renew +ExecStart=/usr/bin/certbot -q renew --no-random-sleep-on-renew PrivateTmp=true -- 2.39.2
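Review bot: On the changed ExecStart line in debian/certbot.service, the renewal jitter now rests entirely on RandomizedDelaySec in the timer unit, which this diff neither touches nor shows, so the commit message should state the value the timer currently sets, so that the dependency is recorded next to the change. With `--no-random-sleep-on-renew` in ExecStart, any start of the service that does not come through the timer runs `certbot -q renew` with no delay at all; a one-line comment above ExecStart saying that the delay is provided by the timer would make that explicit for anyone editing the unit later. The subject "prevent randomised timer in certbot renew" also reads as if the timer's randomisation were being removed; something like "systemd: disable certbot's internal random sleep on renew" describes the change more accurately.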