I've just found that after upgrading certbot to version 0.9.3-1~bpo8+1 on debian jessie (installed from backports) there is no more a random delay before executions of the automatic renew attempts. This can cause overload (and eventually DDoS) of LetsEncrypt servers.
systemctl status certbot.timer reports the following: [/lib/systemd/system/certbot.timer:6] Unknown lvalue 'RandomizedDelaySec' in section 'Timer' This is caused by the option "RandomizedDelaySec" being available on systemd >= 229 (see https://github.com/systemd/systemd/commit/6182e51efa30851849901b70b9128bb07adf0418#diff-fe53d16e13f390594bfad5ef06bf984a ), but the available version in jessie (according to https://packages.debian.org/search?keywords=systemd ) is 215, although version 230 is available in jessie-backports. I can suggest two fix: - add a versioned dependency on certbot to systemd >= 229 - do not use systemd timer on jessie-backport and use cron Sincerely Lorenzo Cameroni _______________________________________________ Letsencrypt-devel mailing list [email protected] https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
