Bot Updating Templated Files

Relocate live cert symlink

.github/ISSUE_TEMPLATE/issue.bug.md

@@ -1,40 +0,0 @@
----
-name: Bug report
-about: Create a report to help us improve
-
----
-[linuxserverurl]: https://linuxserver.io
-[![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)][linuxserverurl]
-
-<!--- If you are new to Docker or this application our issue tracker is **ONLY** used for reporting bugs or requesting features. Please use [our discord server](https://discord.gg/YWrKVTn) for general support. --->
-
-<!--- Provide a general summary of the bug in the Title above -->
-
-------------------------------
-
-## Expected Behavior
-<!--- Tell us what should happen -->
-
-## Current Behavior
-<!--- Tell us what happens instead of the expected behavior -->
-
-## Steps to Reproduce
-<!--- Provide a link to a live example, or an unambiguous set of steps to -->
-<!--- reproduce this bug. Include code to reproduce, if relevant -->
-1.
-2.
-3.
-4.
-
-## Environment
-**OS:**
-**CPU architecture:** x86_64/arm32/arm64
-**How docker service was installed:**
-<!--- ie. from the official docker repo, from the distro repo, nas OS provided, etc. -->
-<!--- Providing context helps us come up with a solution that is most useful in the real world -->
-
-## Command used to create docker container (run/create/compose/screenshot)
-<!--- Provide your docker create/run command or compose yaml snippet, or a screenshot of settings if using a gui to create the container -->
-
-## Docker logs
-<!--- Provide a full docker log, output of "docker logs swag" -->

.github/ISSUE_TEMPLATE/issue.bug.yml

@@ -0,0 +1,77 @@
+# Based on the issue template
+name: Bug report
+description: Create a report to help us improve
+title: "[BUG] <title>"
+labels: [Bug]
+body:
+  - type: checkboxes
+    attributes:
+      label: Is there an existing issue for this?
+      description: Please search to see if an issue already exists for the bug you encountered.
+      options:
+        - label: I have searched the existing issues
+          required: true
+  - type: textarea
+    attributes:
+      label: Current Behavior
+      description: Tell us what happens instead of the expected behavior.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Expected Behavior
+      description: Tell us what should happen.
+    validations:
+      required: false
+  - type: textarea
+    attributes:
+      label: Steps To Reproduce
+      description: Steps to reproduce the behavior.
+      placeholder: |
+        1. In this environment...
+        2. With this config...
+        3. Run '...'
+        4. See error...
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Environment
+      description: |
+        examples:
+          - **OS**: Ubuntu 20.04
+          - **How docker service was installed**: distro's packagemanager
+      value: |
+        - OS:
+        - How docker service was installed:
+      render: markdown
+    validations:
+      required: false
+  - type: dropdown
+    attributes:
+      label: CPU architecture
+      options:
+        - x86-64
+        - arm64
+        - armhf
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Docker creation
+      description: |
+        Command used to create docker container
+        Provide your docker create/run command or compose yaml snippet, or a screenshot of settings if using a gui to create the container
+      render: bash
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      description: |
+        Provide a full docker log, output of "docker logs linuxserver.io"
+      label: Container logs
+      placeholder: |
+        Output of `docker logs linuxserver.io`
+      render: bash
+    validations:
+      required: true

.github/ISSUE_TEMPLATE/issue.feature.md

@@ -1,25 +0,0 @@
----
-name: Feature request
-about: Suggest an idea for this project
-
----
-[linuxserverurl]: https://linuxserver.io
-[![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)][linuxserverurl]
-
-<!--- If you are new to Docker or this application our issue tracker is **ONLY** used for reporting bugs or requesting features. Please use [our discord server](https://discord.gg/YWrKVTn) for general support. --->
-
-<!--- If this acts as a feature request please ask yourself if this modification is something the whole userbase will benefit from --->
-<!--- If this is a specific change for corner case functionality or plugins please look at making a Docker Mod or local script  https://blog.linuxserver.io/2019/09/14/customizing-our-containers/ -->
-
-<!--- Provide a general summary of the request in the Title above -->
-
-------------------------------
-
-## Desired Behavior
-<!--- Tell us what should happen -->
-
-## Current Behavior
-<!--- Tell us what happens instead of the expected behavior -->
-
-## Alternatives Considered
-<!--- Tell us what other options you have tried or considered -->

.github/ISSUE_TEMPLATE/issue.feature.yml

@@ -0,0 +1,31 @@
+# Based on the issue template
+name: Feature request
+description: Suggest an idea for this project
+title: "[FEAT] <title>"
+labels: [enhancement]
+body:
+  - type: checkboxes
+    attributes:
+      label: Is this a new feature request?
+      description: Please search to see if a feature request already exists.
+      options:
+        - label: I have searched the existing issues
+          required: true
+  - type: textarea
+    attributes:
+      label: Wanted change
+      description: Tell us what you want to happen.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Reason for change
+      description: Justify your request, why do you want it, what is the benefit.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Proposed code change
+      description: Do you have a potential code change in mind?
+    validations:
+      required: false

.github/workflows/external_trigger.yml

@@ -7,7 +7,7 @@ jobs:
   external-trigger-master:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2.3.3
+      - uses: actions/checkout@v3.1.0
 
       - name: External Trigger
         if: github.ref == 'refs/heads/master'
@@ -18,7 +18,7 @@ jobs:
           fi
           echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\". ****"
           echo "**** Retrieving external version ****"
-          EXT_RELEASE=$(curl -sL "https://pypi.python.org/pypi/certbot/json" |jq -r '. | .info.version')
+          EXT_RELEASE=$(echo '1.32.0')
           if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then
             echo "**** Can't retrieve external version, exiting ****"
             FAILURE_REASON="Can't retrieve external version for swag branch master"
@@ -48,8 +48,12 @@ jobs:
               | jq -r '.config.digest')
           image_info=$(curl -sL \
             --header "Authorization: Bearer ${token}" \
-            "https://ghcr.io/v2/${image}/blobs/${digest}" \
-            | jq -r '.container_config')
+            "https://ghcr.io/v2/${image}/blobs/${digest}")
+          if [[ $(echo $image_info | jq -r '.container_config') == "null" ]]; then
+            image_info=$(echo $image_info | jq -r '.config')
+          else
+            image_info=$(echo $image_info | jq -r '.container_config')
+          fi
           IMAGE_RELEASE=$(echo ${image_info} | jq -r '.Labels.build_version' | awk '{print $3}')
           IMAGE_VERSION=$(echo ${IMAGE_RELEASE} | awk -F'-ls' '{print $1}')
           if [ -z "${IMAGE_VERSION}" ]; then

.github/workflows/external_trigger_scheduler.yml

@@ -9,7 +9,7 @@ jobs:
   external-trigger-scheduler:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2.3.3
+      - uses: actions/checkout@v3.1.0
         with:
           fetch-depth: '0'
 

.github/workflows/greetings.yml

@@ -8,6 +8,6 @@ jobs:
     steps:
     - uses: actions/first-interaction@v1
       with:
-        issue-message: 'Thanks for opening your first issue here! Be sure to follow the [bug](https://github.com/linuxserver/docker-swag/blob/master/.github/ISSUE_TEMPLATE/issue.bug.md) or [feature](https://github.com/linuxserver/docker-swag/blob/master/.github/ISSUE_TEMPLATE/issue.feature.md) issue templates!'
+        issue-message: 'Thanks for opening your first issue here! Be sure to follow the [bug](https://github.com/linuxserver/docker-swag/blob/master/.github/ISSUE_TEMPLATE/issue.bug.yml) or [feature](https://github.com/linuxserver/docker-swag/blob/master/.github/ISSUE_TEMPLATE/issue.feature.yml) issue templates!'
         pr-message: 'Thanks for opening this pull request! Be sure to follow the [pull request template](https://github.com/linuxserver/docker-swag/blob/master/.github/PULL_REQUEST_TEMPLATE.md)!'
         repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/package_trigger.yml

@@ -7,7 +7,7 @@ jobs:
   package-trigger-master:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2.3.3
+      - uses: actions/checkout@v3.1.0
 
       - name: Package Trigger
         if: github.ref == 'refs/heads/master'

.github/workflows/package_trigger_scheduler.yml

@@ -9,7 +9,7 @@ jobs:
   package-trigger-scheduler:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2.3.3
+      - uses: actions/checkout@v3.1.0
         with:
           fetch-depth: '0'
 

.github/workflows/stale.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/stale@v3
+    - uses: actions/stale@v6.0.1
       with:
         stale-issue-message: "This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions."
         stale-pr-message: "This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions."

Dockerfile

@@ -101,6 +101,7 @@ RUN \
   pip3 install -U \
     pip wheel && \
   pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
+    acme==${CERTBOT_VERSION} \
     ${CERTBOT} \
     certbot-dns-acmedns \
     certbot-dns-aliyun \

Dockerfile.aarch64

@@ -101,6 +101,7 @@ RUN \
   pip3 install -U \
     pip wheel && \
   pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
+    acme==${CERTBOT_VERSION} \
     ${CERTBOT} \
     certbot-dns-acmedns \
     certbot-dns-aliyun \

Dockerfile.armhf

@@ -101,6 +101,7 @@ RUN \
   pip3 install -U \
     pip wheel && \
   pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
+    acme==${CERTBOT_VERSION} \
     ${CERTBOT} \
     certbot-dns-acmedns \
     certbot-dns-aliyun \

Jenkinsfile

@@ -57,7 +57,7 @@ pipeline {
           env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/commit/' + env.GIT_COMMIT
           env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/'
           env.PULL_REQUEST = env.CHANGE_ID
-          env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.md ./.github/ISSUE_TEMPLATE/issue.feature.md ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/stale.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt'
+          env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/stale.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt'
         }
         script{
           env.LS_RELEASE_NUMBER = sh(
@@ -100,17 +100,18 @@ pipeline {
     /* ########################
        External Release Tagging
        ######################## */
-    // If this is a pip release set the external tag to the pip version
-    stage("Set ENV pip_version"){
+    // If this is a custom command to determine version use that command
+    stage("Set tag custom bash"){
       steps{
         script{
           env.EXT_RELEASE = sh(
-            script: '''curl -sL  https://pypi.python.org/pypi/${EXT_PIP}/json |jq -r '. | .info.version' ''',
+            script: ''' echo '1.32.0' ''',
             returnStdout: true).trim()
-          env.RELEASE_LINK = 'https://pypi.python.org/pypi/' + env.EXT_PIP
+            env.RELEASE_LINK = 'custom_command'
         }
       }
-    }    // Sanitize the release tag and strip illegal docker or github characters
+    }
+    // Sanitize the release tag and strip illegal docker or github characters
     stage("Sanitize tag"){
       steps{
         script{
@@ -277,7 +278,7 @@ pipeline {
                 echo "Jenkinsfile is up to date."
               fi
               # Stage 2 - Delete old templates
-              OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md"
+              OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md\n.github/ISSUE_TEMPLATE/issue.bug.md\n.github/ISSUE_TEMPLATE/issue.feature.md"
               for i in ${OLD_TEMPLATES}; do
                 if [[ -f "${i}" ]]; then
                   TEMPLATES_TO_DELETE="${i} ${TEMPLATES_TO_DELETE}"
@@ -911,11 +912,11 @@ pipeline {
              "tagger": {"name": "LinuxServer Jenkins","email": "jenkins@linuxserver.io","date": "'${GITHUB_DATE}'"}}' '''
         echo "Pushing New release for Tag"
         sh '''#! /bin/bash
-              echo "Updating PIP version of ${EXT_PIP} to ${EXT_RELEASE_CLEAN}" > releasebody.json
+              echo "Updating to ${EXT_RELEASE_CLEAN}" > releasebody.json
               echo '{"tag_name":"'${META_TAG}'",\
                      "target_commitish": "master",\
                      "name": "'${META_TAG}'",\
-                     "body": "**LinuxServer Changes:**\\n\\n'${LS_RELEASE_NOTES}'\\n\\n**PIP Changes:**\\n\\n' > start
+                     "body": "**LinuxServer Changes:**\\n\\n'${LS_RELEASE_NOTES}'\\n\\n**Remote Changes:**\\n\\n' > start
               printf '","draft": false,"prerelease": false}' >> releasebody.json
               paste -d'\\0' start releasebody.json > releasebody.json.done
               curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases -d @releasebody.json.done'''

README.md

@@ -335,6 +335,9 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
+* **22.11.22:** - Pin acme to the same version as certbot.
+* **22.11.22:** - Pin certbot to 1.32.0 until plugin compatibility improves.
+* **05.11.22:** - Update acmedns plugin handling.
 * **06.10.22:** - Switch to certbot-dns-duckdns. Update cpanel and gandi dns plugin handling. Minor adjustments to init logic.
 * **05.10.22:** - Use certbot file hooks instead of command line hooks
 * **04.10.22:** - Add godaddy and porkbun dns plugins.

jenkins-vars.yml

@@ -2,7 +2,12 @@
 
 # jenkins variables
 project_name: docker-swag
-external_type: pip_version
+
+# Pin certbot to 1.32.0 until plugin compatibility improves
+external_type: na
+custom_version_command: "echo '1.32.0'"
+
+#external_type: pip_version
 release_type: stable
 release_tag: latest
 ls_branch: master

package_versions.txt

@@ -41,7 +41,7 @@ libbsd-0.11.3-r1
 libbz2-1.0.8-r1
 libc-utils-0.7.2-r3
 libcap-2.61-r0
-libcrypto1.1-1.1.1q-r0
+libcrypto1.1-1.1.1s-r1
 libcurl-7.80.0-r4
 libedit-20210910.3.1-r0
 libevent-2.1.12-r4
@@ -70,7 +70,7 @@ libsasl-2.1.28-r0
 libseccomp-2.5.2-r0
 libsm-1.2.3-r0
 libsodium-1.0.18-r0
-libssl1.1-1.1.1q-r0
+libssl1.1-1.1.1s-r1
 libstdc++-10.3.1_git20211027-r0
 libtasn1-4.18.0-r0
 libunistring-0.9.10-r1
@@ -120,7 +120,7 @@ nginx-mod-stream-geoip2-1.20.2-r1
 nginx-vim-1.20.2-r1
 npth-1.6-r1
 oniguruma-6.9.7.1-r0
-openssl-1.1.1q-r0
+openssl-1.1.1s-r1
 p11-kit-0.24.0-r1
 pcre-8.45-r1
 pcre2-10.40-r0
@@ -135,8 +135,8 @@ php8-ctype-8.0.25-r0
 php8-curl-8.0.25-r0
 php8-dom-8.0.25-r0
 php8-exif-8.0.25-r0
-php8-fileinfo-8.0.18-r0
-php8-fpm-8.0.18-r0
+php8-fileinfo-8.0.25-r0
+php8-fpm-8.0.25-r0
 php8-ftp-8.0.25-r0
 php8-gd-8.0.25-r0
 php8-gmp-8.0.25-r0
@@ -166,7 +166,7 @@ php8-pgsql-8.0.25-r0
 php8-phar-8.0.25-r0
 php8-posix-8.0.25-r0
 php8-session-8.0.25-r0
-php8-simplexml-8.0.18-r0
+php8-simplexml-8.0.25-r0
 php8-soap-8.0.25-r0
 php8-sockets-8.0.25-r0
 php8-sodium-8.0.25-r0
@@ -174,7 +174,7 @@ php8-sqlite3-8.0.25-r0
 php8-tokenizer-8.0.25-r0
 php8-xml-8.0.25-r0
 php8-xmlreader-8.0.25-r0
-php8-xmlwriter-8.0.18-r0
+php8-xmlwriter-8.0.25-r0
 php8-xsl-8.0.25-r0
 php8-zip-8.0.25-r0
 pinentry-1.2.0-r0
@@ -211,7 +211,7 @@ py3-toml-0.10.2-r2
 py3-tomli-1.2.2-r0
 py3-urllib3-1.26.7-r0
 py3-webencodings-0.5.1-r4
-python3-3.9.13-r1
+python3-3.9.15-r0
 readline-8.1.1-r0
 s6-ipcserver-2.11.0.0-r0
 scanelf-1.3.3-r0
@@ -219,7 +219,7 @@ shadow-4.8.1-r1
 skalibs-2.11.0.0-r0
 sqlite-libs-3.36.0-r0
 ssl_client-1.34.1-r7
-tzdata-2022c-r0
+tzdata-2022f-r1
 unixodbc-2.3.9-r1
 utmps-0.1.0.3-r0
 whois-5.5.10-r0

readme-vars.yml

@@ -157,6 +157,9 @@ app_setup_nginx_reverse_proxy_block: ""
 
 # changelog
 changelogs:
+  - { date: "22.11.22:", desc: "Pin acme to the same version as certbot."}
+  - { date: "22.11.22:", desc: "Pin certbot to 1.32.0 until plugin compatibility improves."}
+  - { date: "05.11.22:", desc: "Update acmedns plugin handling."}
   - { date: "06.10.22:", desc: "Switch to certbot-dns-duckdns. Update cpanel and gandi dns plugin handling. Minor adjustments to init logic." }
   - { date: "05.10.22:", desc: "Use certbot file hooks instead of command line hooks" }
   - { date: "04.10.22:", desc: "Add godaddy and porkbun dns plugins." }

root/etc/cont-init.d/50-certbot

@@ -158,10 +158,13 @@ if [ "$VALIDATION" = "dns" ]; then
     elif [[ "$DNSPLUGIN" =~ ^(azure|gandi)$ ]]; then
         if [ -n "$PROPAGATION" ]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi
         PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini"
+    elif [[ "$DNSPLUGIN" =~ ^(duckdns)$ ]]; then
+        if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
+        PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini --dns-duckdns-no-txt-restore ${PROPAGATIONPARAM}"
     elif [[ "$DNSPLUGIN" =~ ^(google)$ ]]; then
         if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
         PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM}"
-    elif [[ "$DNSPLUGIN" =~ ^(aliyun|cpanel|desec|dnspod|do|domeneshop|duckdns|dynu|godaddy|he|hetzner|infomaniak|inwx|ionos|loopia|netcup|njalla|porkbun|transip|vultr)$ ]]; then
+    elif [[ "$DNSPLUGIN" =~ ^(acmedns|aliyun|cpanel|desec|dnspod|do|domeneshop|dynu|godaddy|he|hetzner|infomaniak|inwx|ionos|loopia|netcup|njalla|porkbun|transip|vultr)$ ]]; then
         if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
         PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
     elif [[ "$DNSPLUGIN" =~ ^(standalone)$ ]]; then
@@ -191,10 +194,6 @@ if [ "$ONLY_SUBDOMAINS" = "true" ] && [ ! "$SUBDOMAINS" = "wildcard" ]; then
 else
     ln -s ../etc/letsencrypt/live/"$URL" /config/keys/letsencrypt
 fi
-rm -rf /config/keys/cert.crt
-ln -s ./letsencrypt/fullchain.pem /config/keys/cert.crt
-rm -rf /config/keys/cert.key
-ln -s ./letsencrypt/privkey.pem /config/keys/cert.key
 
 # checking for changes in cert variables, revoking certs if necessary
 if [ ! "$URL" = "$ORIGURL" ] || [ ! "$SUBDOMAINS" = "$ORIGSUBDOMAINS" ] || [ ! "$ONLY_SUBDOMAINS" = "$ORIGONLY_SUBDOMAINS" ] || [ ! "$EXTRA_DOMAINS" = "$ORIGEXTRA_DOMAINS" ] || [ ! "$VALIDATION" = "$ORIGVALIDATION" ] || [ ! "$DNSPLUGIN" = "$ORIGDNSPLUGIN" ] || [ ! "$PROPAGATION" = "$ORIGPROPAGATION" ] || [ ! "$STAGING" = "$ORIGSTAGING" ] || [ ! "$CERTPROVIDER" = "$ORIGCERTPROVIDER" ]; then
@@ -273,3 +272,11 @@ if [ ! -f "/config/keys/letsencrypt/fullchain.pem" ]; then
 else
     echo "Certificate exists; parameters unchanged; starting nginx"
 fi
+
+# if certbot generated key exists, remove self-signed cert and replace it with symlink to live cert
+if [ -d /config/keys/letsencrypt ]; then
+    rm -rf /config/keys/cert.crt
+    ln -s ./letsencrypt/fullchain.pem /config/keys/cert.crt
+    rm -rf /config/keys/cert.key
+    ln -s ./letsencrypt/privkey.pem /config/keys/cert.key
+fi