letsencrypt cron job: use a random range for the hour and minute, and let the user customise the day of month too. See https://support.d4science.org/issues/12173

Andrea Dell'Amico 2018-07-17 17:20:53 +02:00
parent 8b3a2d84e9
commit 1bcc9182f0
2 changed files with 4 additions and 2 deletions


@ -23,7 +23,6 @@ letsencrypt_acme_certs_dir: '{{ letsencrypt_acme_user_home }}/live/{{ letsencryp
letsencrypt_acme_services_scripts_dir: /usr/lib/acme/hooks
# responses parameters
#letsencrypt_tos_url: 'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'
letsencrypt_tos_url: 'https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
letsencrypt_acme_agree_tos: true
letsencrypt_acme_rsa_key_size: 4096
@ -37,6 +36,9 @@ letsencrypt_key_id: 'some random string'
# We 'listener' or 'proxy'. Use 'listener' if we need a certificate for a non web service or before the web service has been configured.
# Need to set cap_net_bind_service=+ep for the acmetool binary so that it is able to bind port 80 in that case.
letsencrypt_acme_authenticator: listener
letsencrypt_acme_cron_day_of_month: '*'
letsencrypt_acme_cron_hour: '{{ range(1, 4) | random }}'
letsencrypt_acme_cron_minute: '{{ range(1, 60) | random }}'
# desired parameters
letsencrypt_acme_domains:
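Review bot: The `random` filter on the new `letsencrypt_acme_cron_hour` and `letsencrypt_acme_cron_minute` defaults has no seed, so both values are drawn again on every playbook run and the renewal cron entry is rewritten each time. That makes the task non-idempotent and the renewal time unpredictable for anyone monitoring certificate expiry. Seeding per host keeps the spread across machines but stays stable between runs: `letsencrypt_acme_cron_hour: '{{ range(1, 4) | random(seed=inventory_hostname) }}'`, and likewise for the minute. Note also that `range(1, 4)` never yields 4 and `range(1, 60)` never yields 0, in case those were meant to be included. A comment above `letsencrypt_acme_cron_day_of_month` would help too, e.g. `# Keep '*' unless renewal checks may run less than daily; a single day may leave little time to retry before expiry.`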


@ -130,7 +130,7 @@
- name: Install a daily cron job to renew the certificates when needed
become: True
become_user: '{{ letsencrypt_acme_user }}'
cron: name="Letsencrypt certificate renewal" special_time=daily job="/usr/local/bin/cron-acme-cert-request > {{ letsencrypt_acme_log_dir }}/acme-cron.log 2>&1"
cron: name="Letsencrypt certificate renewal" day={{ letsencrypt_acme_cron_day_of_month }} hour={{ letsencrypt_acme_cron_hour }} minute={{ letsencrypt_acme_cron_minute }} job="/usr/local/bin/cron-acme-cert-request > {{ letsencrypt_acme_log_dir }}/acme-cron.log 2>&1"
when: letsencrypt_acme_install
tags: [ 'letsencrypt', 'letsencrypt_cron' ]
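Review bot: The new `cron:` line interpolates the three schedule variables unquoted into a `key=value` argument string, so a customised value containing a space or an `=` would be split into extra module arguments rather than rejected. Native YAML arguments with each template quoted avoid that and are easier to read. The task name still says "daily" although the day of month is now configurable, so the name should probably be updated as well. Indentation is not recoverable from this page, so the sketch below uses the conventional layout.

```yaml
- name: Install a cron job to renew the certificates when needed
  # … unchanged: become, become_user …
  cron:
    name: 'Letsencrypt certificate renewal'
    day: '{{ letsencrypt_acme_cron_day_of_month }}'
    hour: '{{ letsencrypt_acme_cron_hour }}'
    minute: '{{ letsencrypt_acme_cron_minute }}'
    job: '/usr/local/bin/cron-acme-cert-request > {{ letsencrypt_acme_log_dir }}/acme-cron.log 2>&1'
  # … unchanged: when, tags …
```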