Time Synchronization options & troubleshooting on Ubuntu Server

System services, log timestamps, and network operations rely on accurate and synchronized time. If the system clock drifts or is not synchronized correctly, you may experience connection errors, SSL certificate issues, or inconsistent timestamps in logs and applications.

Checking System Time Status

You can check your current time synchronization state using:

timedatectl status

A correctly synchronized system typically shows:

Local time: Thu 2025-10-09 11:38:42 CEST
Universal time: Thu 2025-10-09 09:38:42 UTC
RTC time: Thu 2025-10-09 09:38:42
System clock synchronized: yes
NTP service: active
RTC in local TZ: no

✅ What to look for:

  • System clock synchronized: yes
  • NTP service: active

If these values show no or inactive, your system is not currently synchronized.

Default Time Synchronization (systemd-timesyncd)

By default, most Linux distributions use systemd-timesyncd, a simple NTP client that synchronizes the system clock using UDP port 123.

You can check its status:

systemctl status systemd-timesyncd

If it’s inactive, enable it with:

sudo timedatectl set-ntp on

However, this service may stop working in some network configurations — particularly when:

  • You’re using a VPN that blocks UDP/123
  • Your router or firewall drops NTP packets
  • Your ISP filters or blocks NTP traffic

For that reason, I recommend to check the timedatectl status from time to time.

Troubleshooting Time Synchronization issues when using systemd-timesyncd

  • If synchronization works with disabled VPN client, exclude NTP traffic from the VPN tunnel.

    Fix: Set Split Tunnel for systemd-timesyncd

    Alternate fix: Switch to Chrony

  • If synchronization works on another network, such as a mobile hotspot, your primary network or ISP likely blocks UDP port 123.

    Fix: Switch to Chrony.

  • If synchronization starts working again after a router reboot and then stops after some time, your router may have stale or stuck NAT entries for NTP traffic (UDP port 123).

    Fix: Set up an automatic NAT cleanup script on the router to periodically remove old NTP connections. Look for a guide: MikroTik RouterOS – NTP Port Cleanup Scheduler.

    Alternate fix: Switch to Chrony

Alternative Time Synchronization with Chrony

If systemd-timesyncd fails due to network restrictions (e.g. blocked UDP 123), or if you simply prefer a modern and more reliable NTP/NTS client, you can switch to Chrony. Chrony supports both traditional NTP over UDP and encrypted time synchronization via TCP using the Network Time Security (NTS) protocol.

Switching from systemd-timesyncd to Chrony

  1. Stop, disable, and remove systemd-timesyncd

    sudo systemctl disable --now systemd-timesyncd
    sudo apt remove -y systemd-timesyncd
  2. Install Chrony

    sudo apt update && sudo apt install -y chrony
  3. Adjust Chrony configuration

    Edit sudo nano /etc/chrony/chrony.conf and update the NTP pool servers to include reliable global sources. These servers are usually accessible even behind strict ISP or VPN firewalls:

    pool time.cloudflare.com iburst
    pool time.google.com iburst
    pool ntp.ubuntu.com iburst
    pool pool.ntp.org iburst

    💡 To improve reliability and enable encrypted synchronization over TCP (in case UDP 123 is blocked), you can also add NTS-capable servers:

    server time.cloudflare.com iburst nts
    server time.google.com iburst nts

    Chrony will automatically prefer the most stable and reachable sources, switching seamlessly between UDP and TCP as needed.

  4. Enable and start Chrony

    sudo systemctl enable --now chrony

    Once started, Chrony takes over system-wide time synchronization. The system clock and RTC will now stay continuously synchronized even if your network conditions change.

  5. Monitor synchronization status

    You can verify that Chrony is working and tracking remote servers correctly:

    chronyc tracking
    chronyc sources -v

    Example output:

    Reference ID    : 55A3A8E3 (time.cloudflare.com)
    Stratum         : 3
    Ref time (UTC)  : Thu Oct 09 09:24:38 2025
    System time     : 0.0005 seconds fast of NTP time
    Last offset     : +0.0006 seconds
    RMS offset      : 0.0003 seconds
    Frequency       : 5.354 ppm slow
    Leap status     : Normal

    You can also confirm that the system clock is synchronized:

    timedatectl status
    System clock synchronized: yes
    NTP service: inactive (handled by chronyd)

Reverting back to systemd-timesyncd

If you ever wish to switch back to the default synchronization service:

sudo systemctl disable --now chrony
sudo apt remove -y chrony
sudo apt install -y systemd-timesyncd
sudo systemctl enable --now systemd-timesyncd