diff --git a/manifests/ca/gencrl.pp b/manifests/ca/gencrl.pp
index cdafa92b2b8b400614171ed31308f4d6041007bf..8026de53ecef3125b809ecb1932afd4c8f23ebe7 100644
--- a/manifests/ca/gencrl.pp
+++ b/manifests/ca/gencrl.pp
@@ -30,7 +30,7 @@ define cfssl::ca::gencrl (
       content => epp('cfssl/cfssl-gencrl.service.epp', { 'ca' => $_ca }),
     }
     ~> service { "cfssl-gencrl-${_ca}.service":
-      ensure   => 'running',
+      ensure   => 'stopped',
       enable   => true,
       provider => 'systemd',
     }
diff --git a/templates/cfssl-gencrl.service.epp b/templates/cfssl-gencrl.service.epp
index 3c381820140b51edd4bd803024c55d6ebbfd300a..ea1cb5e00390c4775edc3df6bb0b151e6e1c850b 100644
--- a/templates/cfssl-gencrl.service.epp
+++ b/templates/cfssl-gencrl.service.epp
@@ -7,7 +7,6 @@ After=cfssl.service
 
 [Service]
 Type=oneshot
-RemainAfterExit=yes
 Environment=CRL=<%= $cfssl::crldir %>/crl-<%= $ca %>.<%= $cfssl::crl_extension %>
 ExecStart=sh -c 'echo "-----BEGIN X509 CRL-----" > $CRL ; cfssl crl -db-config <%= $cfssl::confdir %>/<%= $cfssl::params::db_config_json %> -ca <%= $cfssl::confdir %>/ca/<%= $ca %>.pem -ca-key <%= $cfssl::confdir %>/ca/<%= $ca %>-key.pem | fold -w 64 >> $CRL ; echo "-----END X509 CRL-----" >> $CRL'
 
diff --git a/templates/cfssl-gencrl.timer.epp b/templates/cfssl-gencrl.timer.epp
index 70d741528dd77c2a6bf483c0c377ff6d3d77223b..efd2f94e617b4ffdfe7b05b3afafdcdb42742875 100644
--- a/templates/cfssl-gencrl.timer.epp
+++ b/templates/cfssl-gencrl.timer.epp
@@ -6,6 +6,7 @@ Description=CFSSL CRL generator for CA <%= $ca %>
 [Timer]
 OnCalendar=*-*-* <%= $cfssl::crl_gentimer %>
 Persistent=true
+OnActiveSec=10
 
 [Install]
 WantedBy=timers.target