Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Feature Requests
  3. Please randomize time-of-day for certificate renewal

Please randomize time-of-day for certificate renewal

Scheduled Pinned Locked Moved Solved Feature Requests
6 Posts 3 Posters 1.1k Views 4 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M Offline
    M Offline
    mcpherrinm
    wrote on last edited by
    #1

    I work at Let's Encrypt, which Cloudron uses to issue certificates per its documentation. We've identified that Cloudron disproportionately sends traffic at midnight and noon UTC. I suspect this is the automated renewal noted in Cloudron's documentation.

    Let's Encrypt receives disproportionately high amounts of traffic at midnight UTC in particular, as well as the top of other hours. I'm attempting to find software which hardcodes these times to ask the developers to have them renew at a random time of day.

    Would it be possible to have cloudron renew at a random time of day? If so, is there an update mechanism that would allow existing clients to install this fix?

    Thank you in advance,

    Matthew McPherrin
    Let's Encrypt Site Reliability Engineering

    1 Reply Last reply
    9
    • nebulonN Offline
      nebulonN Offline
      nebulon
      Staff
      wrote on last edited by
      #2

      Hi @mcpherrinm thanks for bringing this up. I guess we haven't thought Cloudron became that popular to spread load a bit over time. Currently you can see the hardcoded cron schedule for cert renewal checker at https://git.cloudron.io/cloudron/box/-/blob/master/src/cron.js#L118

      We will make this randomized for the next release then.

      1 Reply Last reply
      13
      • nebulonN nebulon marked this topic as a question on
      • M Offline
        M Offline
        mcpherrinm
        wrote on last edited by
        #3

        Thank you for promptly addressing this!

        It’s not just cloudron but many pieces of software all making the same decision to renew at midnight, which leads to uneven traffic.

        robiR 1 Reply Last reply
        5
        • M mcpherrinm

          Thank you for promptly addressing this!

          It’s not just cloudron but many pieces of software all making the same decision to renew at midnight, which leads to uneven traffic.

          robiR Offline
          robiR Offline
          robi
          wrote on last edited by
          #4

          @mcpherrinm How long does the midnight spike last?

          How do you enjoy tracking these down? 🙂

          Conscious tech

          M 1 Reply Last reply
          3
          • robiR robi

            @mcpherrinm How long does the midnight spike last?

            How do you enjoy tracking these down? 🙂

            M Offline
            M Offline
            mcpherrinm
            wrote on last edited by
            #5

            The peak of the spike is about 20 seconds long, where we are returning some errors due to overload. Traffic is elevated for a few more minutes.

            Tracking down the spikes is a little fun, though sometimes quite tricky. Cloudron was straightforward because it supplies a distinct user agent, which not all clients do.

            1 Reply Last reply
            8
            • nebulonN Offline
              nebulonN Offline
              nebulon
              Staff
              wrote on last edited by
              #6

              Alright with https://git.cloudron.io/cloudron/box/-/commit/5b4a1e0ec12554f7a4f1099bfc94d041abfca5f5 we now generate a random hour per Cloudron which acts as a seed to spread the instances over 24h.

              1 Reply Last reply
              10
              • nebulonN nebulon has marked this topic as solved on
              Reply
              • Reply as topic
              Log in to reply
              • Oldest to Newest
              • Newest to Oldest
              • Most Votes


              • Login

              • Don't have an account? Register

              • Login or register to search.
              • First post
                Last post
              0
              • Categories
              • Recent
              • Tags
              • Popular
              • Bookmarks
              • Search