This repository has been archived by the owner on Apr 12, 2021. It is now read-only.
Permalink
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
...
- 3 commits
- 2 files changed
- 3 contributors
Commits on Feb 29, 2020
-
nixos/acme: adjust renewal timer options
The current weekly setting causes every NixOS server to try to renew its certificate at midnight on the dot on Monday. This contributes to the general problem of periodic load spikes for Let's Encrypt; NixOS is probably not a major contributor to that problem, but we can lead by example by picking good defaults here. The values here were chosen after consulting with @yuriks, an SRE at Let's Encrypt: * Randomize the time certificates are renewed within a 24 hour period. * Check for renewal every 24 hours, to ensure the certificate is always renewed before an expiry notice is sent out. * Increase the AccuracySec (thus lowering the accuracy(!)), so that systemd can coalesce the renewal with other timers being run. (You might be worried that this would defeat the purpose of the time skewing, but systemd is documented as avoiding this by picking a random time.) (cherry picked from commit 7b14bbd)
Commits on Mar 2, 2020
-
(cherry picked from commit e0a2f0f)
Commits on Mar 3, 2020
-
Merge pull request #80857 from emilazy/adjust-acme-20.03
[20.03] nixos/acme: adjust renewal timer options
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff 181974248e25...0f2565d51822