diff --git a/nixos/modules/security/acme/default.nix b/nixos/modules/security/acme/default.nix index 91ec24ab1f58d2f..e9299fb1b3adbcf 100644 --- a/nixos/modules/security/acme/default.nix +++ b/nixos/modules/security/acme/default.nix @@ -190,7 +190,7 @@ let ); renewOpts = escapeShellArgs ( commonOpts - ++ [ "renew" ] + ++ [ "renew" "--no-random-sleep" ] ++ optionals data.ocspMustStaple [ "--must-staple" ] ++ data.extraLegoRenewFlags ); @@ -223,9 +223,9 @@ let # have many certificates, the renewals are distributed over # the course of the day to avoid rate limits. AccuracySec = "${toString (_24hSecs / numCerts)}s"; - # Skew randomly within the day, per https://letsencrypt.org/docs/integration-guide/. RandomizedDelaySec = "24h"; + FixedRandomDelay = true; }; }; diff --git a/nixos/tests/common/acme/client/default.nix b/nixos/tests/common/acme/client/default.nix index 9a37e4f2fd35e62..503e610d1ac9edc 100644 --- a/nixos/tests/common/acme/client/default.nix +++ b/nixos/tests/common/acme/client/default.nix @@ -9,11 +9,6 @@ in { defaults = { server = "https://${caDomain}/dir"; email = "hostmaster@example.test"; - # Avoid a random 0-8 minute sleep when testing renewals. - # We are not using LE servers in testing so this is not - # going to impact their load. - # See https://github.com/go-acme/lego/issues/1656 - extraLegoRenewFlags = ["-no-random-sleep"]; }; };
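Review bot: The hard-coded `--no-random-sleep` in `renewOpts` carries no comment saying where renewal jitter now comes from, and it cannot be switched off again because it is a fixed part of the argument list. With lego's own sleep disabled, the only thing spreading requests to the CA is the timer's `RandomizedDelaySec`, and a manually started renewal runs immediately. I would add a comment above the list such as `# lego's built-in random sleep is disabled; the systemd timer's RandomizedDelaySec provides the skew`. Configurations that already pass the flag through `data.extraLegoRenewFlags` (as the test client did with `-no-random-sleep`) will now supply it twice, which is presumably harmless but worth confirming and mentioning in the release notes. The `let` binding this list belongs to starts outside the hunk.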
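Review bot: `FixedRandomDelay = true` is added without a comment, and its effect on fleets is not obvious. systemd derives the fixed offset from the machine ID, user identifier and timer name, so machines cloned from one image that share a machine ID and certificate names will all fire at the same moment of the day. Because the first hunk also turns off lego's own sleep, nothing else spreads those requests, which matters for CA rate limits and for renewals failing together. I would document this next to the setting, e.g. `# Offset is derived from machine ID and timer name: stable per host, so hosts must not share a machine ID.` The `timerConfig` block starts outside the hunk.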