-rw-r--r--nixos/modules/security/acme/default.nix4
-rw-r--r--nixos/tests/common/acme/client/default.nix5
2 files changed, 2 insertions, 7 deletions
diff --git a/nixos/modules/security/acme/default.nix b/nixos/modules/security/acme/default.nix
index 91ec24ab1f5..e9299fb1b3a 100644
--- a/nixos/modules/security/acme/default.nix
+++ b/nixos/modules/security/acme/default.nix
@@ -190,7 +190,7 @@ let
     );
     renewOpts = escapeShellArgs (
       commonOpts
-      ++ [ "renew" ]
+      ++ [ "renew" "--no-random-sleep" ]
       ++ optionals data.ocspMustStaple [ "--must-staple" ]
       ++ data.extraLegoRenewFlags
     );
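Review bot: The added `"--no-random-sleep"` in `renewOpts` carries no comment saying why lego's own pre-renewal sleep is switched off, and the explanation that used to sit in the test file is deleted by this same commit. After this change the only spreading of renewal requests towards the CA comes from the timer's `RandomizedDelaySec`, so a later edit to the timer could remove all jitter without anyone noticing. I would add above the list `# lego's built-in random sleep is disabled; renewal jitter comes from the systemd timer (RandomizedDelaySec).` Configurations that already pass `-no-random-sleep` through `extraLegoRenewFlags` will now hand the flag to lego twice, which is probably harmless but worth confirming. The enclosing `let` block starts and ends outside the hunk.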
@@ -223,9 +223,9 @@ let
         # have many certificates, the renewals are distributed over
         # the course of the day to avoid rate limits.
         AccuracySec = "${toString (_24hSecs / numCerts)}s";
-
         # Skew randomly within the day, per https://letsencrypt.org/docs/integration-guide/.
         RandomizedDelaySec = "24h";
+        FixedRandomDelay = true;
       };
     };
 
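Review bot: With `FixedRandomDelay = true` the offset is no longer re-rolled on each activation, so the comment `# Skew randomly within the day` above `RandomizedDelaySec` now misdescribes the behaviour: each host renews at the same offset every day. systemd documents the fixed offset as derived from the machine ID, the timer name and the manager's user, so hosts deployed from an image with a shared machine-id would presumably all reach the ACME server at the same moment and run into the rate limits this block is trying to avoid. I would reword the comment to `# Skew within the day by a stable per-host, per-unit offset (seeded from the machine ID); hosts need unique machine IDs.` The timer attribute set starts outside the hunk.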
diff --git a/nixos/tests/common/acme/client/default.nix b/nixos/tests/common/acme/client/default.nix
index 9a37e4f2fd3..503e610d1ac 100644
--- a/nixos/tests/common/acme/client/default.nix
+++ b/nixos/tests/common/acme/client/default.nix
@@ -9,11 +9,6 @@ in {
     defaults = {
       server = "https://${caDomain}/dir";
       email = "hostmaster@example.test";
-      # Avoid a random 0-8 minute sleep when testing renewals.
-      # We are not using LE servers in testing so this is not
-      # going to impact their load.
-      # See https://github.com/go-acme/lego/issues/1656
-      extraLegoRenewFlags = ["-no-random-sleep"];
     };
   };