feat: sleep at renewal (#1657)
Co-authored-by: Dominik Menke <git@dmke.org>
This commit is contained in:
parent
88a2bab2d9
commit
257dfa777e
2 changed files with 21 additions and 1 deletions
|
@ -17,12 +17,16 @@
|
|||
min-len = 3.0
|
||||
min-occurrences = 3.0
|
||||
|
||||
[linters-settings.funlen]
|
||||
lines = -1
|
||||
statements = 50
|
||||
|
||||
[linters-settings.misspell]
|
||||
locale = "US"
|
||||
ignore-words = ["internetbs"]
|
||||
|
||||
[linters-settings.depguard]
|
||||
list-type = "blacklist"
|
||||
list-type = "denylist"
|
||||
include-go-root = false
|
||||
packages = ["github.com/pkg/errors"]
|
||||
|
||||
|
|
|
@ -3,6 +3,7 @@ package cmd
|
|||
import (
|
||||
"crypto"
|
||||
"crypto/x509"
|
||||
"math/rand"
|
||||
"time"
|
||||
|
||||
"github.com/go-acme/lego/v4/certcrypto"
|
||||
|
@ -68,6 +69,10 @@ func createRenew() *cli.Command {
|
|||
Name: "always-deactivate-authorizations",
|
||||
Usage: "Force the authorizations to be relinquished even if the certificate request was successful.",
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "no-random-sleep",
|
||||
Usage: "Do not add a random sleep before the renewal. We do not recommend using this flag if you are doing your renewals in an automated way.",
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
@ -132,6 +137,17 @@ func renewForDomains(ctx *cli.Context, client *lego.Client, certsStorage *Certif
|
|||
}
|
||||
}
|
||||
|
||||
if !ctx.Bool("no-random-sleep") {
|
||||
// https://github.com/go-acme/lego/issues/1656
|
||||
// https://github.com/certbot/certbot/blob/284023a1b7672be2bd4018dd7623b3b92197d4b0/certbot/certbot/_internal/renewal.py#L472
|
||||
const jitter = 8 * time.Minute
|
||||
rnd := rand.New(rand.NewSource(time.Now().UnixNano()))
|
||||
sleepTime := time.Duration(rnd.Int63n(int64(jitter)))
|
||||
|
||||
log.Infof("renewal: random delay of %s", sleepTime)
|
||||
time.Sleep(sleepTime)
|
||||
}
|
||||
|
||||
request := certificate.ObtainRequest{
|
||||
Domains: merge(certDomains, domains),
|
||||
Bundle: bundle,
|
||||
|
|
Loading…
Reference in a new issue