From 56c132753b4477cf5142eae1cdcb60fe9899329a Mon Sep 17 00:00:00 2001
From: Steve Mellor
Date: Tue, 3 Mar 2026 16:56:00 +0000
Subject: [PATCH] Fixes to allow Docker-Nginx-Certbot to correctly run in Azure Container Instances with Azure Storage
---
 src/scripts/run_certbot.sh | 13 +++++++++++++
 src/scripts/start_nginx_certbot.sh | 9 +++++++++
 2 files changed, 22 insertions(+)
diff --git a/src/scripts/run_certbot.sh b/src/scripts/run_certbot.sh
index 26e02bfc..d8342ca3 100644
--- a/src/scripts/run_certbot.sh
+++ b/src/scripts/run_certbot.sh
@@ -199,3 +199,16 @@ fi
 # Finally, tell Nginx to reload the configs.
 nginx -s reload
+
+# Workaround for https://github.com/certbot/certbot/issues/4850
+# Store and retreive letsencrypt config to an archive rather than in a live directory
+if [ -d /etc/letsencrypt.backup ]; then
+ info "Archiving letsencrypt configuration"
+ if [ -f /etc/letsencrypt.backup/letsencrypt.old.tar.gz ]; then
+ rm -f /etc/letsencrypt.backup/letsencrypt.old.tar.gz
+ fi
+ if [ -f /etc/letsencrypt.backup/letsencrypt.tar.gz ]; then
+ mv /etc/letsencrypt.backup/letsencrypt.tar.gz /etc/letsencrypt.backup/letsencrypt.old.tar.gz
+ fi
+ tar zcf /etc/letsencrypt.backup/letsencrypt.tar.gz -C /etc/letsencrypt .
+fi
\ No newline at end of file
diff --git a/src/scripts/start_nginx_certbot.sh b/src/scripts/start_nginx_certbot.sh
index a9d9fae6..1d667eb5 100644
--- a/src/scripts/start_nginx_certbot.sh
+++ b/src/scripts/start_nginx_certbot.sh
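Review bot: The rotation added at the end of run_certbot.sh moves the last good `letsencrypt.tar.gz` to `letsencrypt.old.tar.gz` before the new archive exists and never checks tar's exit status, so a failed or interrupted `tar zcf` leaves a truncated archive under the name the start-up script restores from. The archive also holds the private keys and account key from /etc/letsencrypt, yet it is created with the process's default umask; on a mount that honours POSIX modes it may be readable by other users. I would build the archive under a temporary name inside a `umask 077` subshell and rotate only after tar succeeds, as sketched below. The comment typo `retreive` should read `retrieve`. The script body starts outside this hunk, so whether `set -e` is active cannot be seen here.

```shell
if [ -d /etc/letsencrypt.backup ]; then
    info "Archiving letsencrypt configuration"
    # Write the new archive under a temporary name with owner-only permissions,
    # and rotate the previous one only after tar has succeeded.
    if (umask 077 && tar zcf /etc/letsencrypt.backup/letsencrypt.tar.gz.tmp -C /etc/letsencrypt .); then
        if [ -f /etc/letsencrypt.backup/letsencrypt.tar.gz ]; then
            mv -f /etc/letsencrypt.backup/letsencrypt.tar.gz /etc/letsencrypt.backup/letsencrypt.old.tar.gz
        fi
        mv -f /etc/letsencrypt.backup/letsencrypt.tar.gz.tmp /etc/letsencrypt.backup/letsencrypt.tar.gz
    else
        info "Archiving letsencrypt configuration failed, keeping the previous backup"
        rm -f /etc/letsencrypt.backup/letsencrypt.tar.gz.tmp
    fi
fi
```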
@@ -24,6 +24,15 @@ trap "clean_exit" EXIT
 # If the environment variable `DEBUG=1` is set, then this message is printed.
 debug "Debug messages are enabled"
+# Workaround for https://github.com/certbot/certbot/issues/4850
+# Store and retreive letsencrypt config to an archive rather than in a live directory
+if [ -f /etc/letsencrypt.backup/letsencrypt.tar.gz ]; then
+ info "Restoring letsencrypt configuration from backup"
+ rm -rf /etc/letsencrypt
+ mkdir -m 755 /etc/letsencrypt
+ tar zxf /etc/letsencrypt.backup/letsencrypt.tar.gz -C /etc/letsencrypt
+fi
+
 # Immediately symlink files to the correct locations and then run
 # 'auto_enable_configs' so that Nginx is in a runnable state
 # This will temporarily disable any misconfigured servers.
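Review bot: The restore block in start_nginx_certbot.sh runs `rm -rf /etc/letsencrypt` before anything has confirmed the archive is usable, and the exit status of `tar zxf` is not checked, so a truncated or corrupt `letsencrypt.tar.gz` leaves the container without certificates or an account key. Test the archive first, for example `if [ -f /etc/letsencrypt.backup/letsencrypt.tar.gz ] && tar ztf /etc/letsencrypt.backup/letsencrypt.tar.gz >/dev/null; then`, and consider falling back to `letsencrypt.old.tar.gz` when that test fails. The archive is read from storage outside the container and unpacked with this script's privileges, so write access to that share is effectively control over the TLS keys; a comment above the block saying so would help whoever sets the share's access policy. If /etc/letsencrypt is a mount point in some deployments, `rm -rf` cannot remove the directory itself and the following `mkdir` would fail, which cannot be confirmed from this hunk.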