From dc8bc57b3574dc8368977df7e74ba64e0a36126f Mon Sep 17 00:00:00 2001 From: Master3395 Date: Wed, 31 Dec 2025 22:26:50 +0100 Subject: [PATCH] Randomize acme.sh cron schedule in installation and upgrade scripts to prevent traffic spikes to Let's Encrypt. Added logic to generate random hour and minute for cron job entries, enhancing the installation process. --- install/install.py | 9 +++++++-- plogical/upgrade.py | 18 ++++++++++++++---- 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/install/install.py b/install/install.py index 8ce6adee3..2abd86778 100644 --- a/install/install.py +++ b/install/install.py @@ -4688,13 +4688,18 @@ user_query = SELECT email as user, password, 'vmail' as uid, 'vmail' as gid, '/h cronFile = open(cronPath, "w") + # Randomize acme.sh cron schedule to avoid traffic spikes to Let's Encrypt + # Generate random hour (0-23) and minute (0-59) for each installation + acme_hour = random.randint(0, 23) + acme_minute = random.randint(0, 59) + content = """ 0 * * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/plogical/findBWUsage.py >/dev/null 2>&1 0 * * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/postfixSenderPolicy/client.py hourlyCleanup >/dev/null 2>&1 0 0 1 * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/postfixSenderPolicy/client.py monthlyCleanup >/dev/null 2>&1 0 2 * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/plogical/upgradeCritical.py >/dev/null 2>&1 0 0 * * 4 /usr/local/CyberCP/bin/python /usr/local/CyberCP/plogical/renew.py >/dev/null 2>&1 -7 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null +%d %d * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null 0 0 * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/IncBackups/IncScheduler.py Daily 0 0 * * 0 /usr/local/CyberCP/bin/python /usr/local/CyberCP/IncBackups/IncScheduler.py Weekly @@ -4707,7 +4712,7 @@ user_query = SELECT email as user, password, 'vmail' as uid, 'vmail' as gid, '/h 0 0 * * 0 /usr/local/CyberCP/bin/python /usr/local/CyberCP/IncBackups/IncScheduler.py '1 Week' */3 * * * * if ! find /home/*/public_html/ -maxdepth 2 -type f -newer /usr/local/lsws/cgid -name '.htaccess' -exec false {} +; then /usr/local/lsws/bin/lswsctrl restart; fi -""" +""" % (acme_minute, acme_hour) cronFile.write(content) cronFile.close() diff --git a/plogical/upgrade.py b/plogical/upgrade.py index 0915aaa3a..b3cd256d7 100644 --- a/plogical/upgrade.py +++ b/plogical/upgrade.py @@ -5020,20 +5020,25 @@ vmail data = open(cronPath, 'r').read() if data.find('findBWUsage') == -1: + # Randomize acme.sh cron schedule to avoid traffic spikes to Let's Encrypt + # Generate random hour (0-23) and minute (0-59) for each installation + acme_hour = random.randint(0, 23) + acme_minute = random.randint(0, 59) + content = """ 0 * * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/plogical/findBWUsage.py >/dev/null 2>&1 0 * * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/postfixSenderPolicy/client.py hourlyCleanup >/dev/null 2>&1 0 0 1 * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/postfixSenderPolicy/client.py monthlyCleanup >/dev/null 2>&1 0 2 * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/plogical/upgradeCritical.py >/dev/null 2>&1 0 0 * * 4 /usr/local/CyberCP/bin/python /usr/local/CyberCP/plogical/renew.py >/dev/null 2>&1 -7 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null +%d %d * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null 0 1 * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/manage.py ssl_reconcile --all >/dev/null 2>&1 */3 * * * * if ! find /home/*/public_html/ -maxdepth 2 -type f -newer /usr/local/lsws/cgid -name '.htaccess' -exec false {} +; then /usr/local/lsws/bin/lswsctrl restart; fi * * * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/manage.py run_scheduled_scans >/usr/local/lscp/logs/scheduled_scans.log 2>&1 """ writeToFile = open(cronPath, 'w') - writeToFile.write(content) + writeToFile.write(content % (acme_minute, acme_hour)) writeToFile.close() if data.find('IncScheduler.py') == -1: @@ -5070,18 +5075,23 @@ vmail else: + # Randomize acme.sh cron schedule to avoid traffic spikes to Let's Encrypt + # Generate random hour (0-23) and minute (0-59) for each installation + acme_hour = random.randint(0, 23) + acme_minute = random.randint(0, 59) + content = """ 0 * * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/plogical/findBWUsage.py >/dev/null 2>&1 0 * * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/postfixSenderPolicy/client.py hourlyCleanup >/dev/null 2>&1 0 0 1 * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/postfixSenderPolicy/client.py monthlyCleanup >/dev/null 2>&1 0 2 * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/plogical/upgradeCritical.py >/dev/null 2>&1 0 0 * * 4 /usr/local/CyberCP/bin/python /usr/local/CyberCP/plogical/renew.py >/dev/null 2>&1 -7 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null +%d %d * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null 0 1 * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/manage.py ssl_reconcile --all >/dev/null 2>&1 0 0 * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/IncBackups/IncScheduler.py Daily 0 0 * * 0 /usr/local/CyberCP/bin/python /usr/local/CyberCP/IncBackups/IncScheduler.py Weekly * * * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/manage.py run_scheduled_scans >/usr/local/lscp/logs/scheduled_scans.log 2>&1 -""" +""" % (acme_minute, acme_hour) writeToFile = open(cronPath, 'w') writeToFile.write(content) writeToFile.close()