From abb193a03ce30d9d8fd1e4f6c56acb5075a5c802 Mon Sep 17 00:00:00 2001
From: samuel
Date: Sat, 11 Apr 2026 18:24:52 +0200
Subject: [PATCH] fix: add ssl dhparams in all cases
---
 netoik-rp.spec | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/netoik-rp.spec b/netoik-rp.spec
index e89d2d8..ac23c7d 100644
--- a/netoik-rp.spec
+++ b/netoik-rp.spec
@@ -47,18 +47,17 @@ if [ -z $SKIP_CERTBOT ]; then
 if ! certbot certificates --cert-name netoik.io | grep --quiet netoik.io; then
 certbot certonly --cert-name netoik.io --non-interactive --agree-tos --email samuel.campos@netoik.io --dns-ovh --dns-ovh-credentials %{_sysconfdir}/certbot/ovh.ini -d *.netoik.io -d *.samuel-campos.fr
 fi
-
- # Create ssl dh params if not already exists
- if [ ! -f "%{_sysconfdir}/letsencrypt/ssl-dhparams.pem" ]; then
- openssl dhparam -out %{_sysconfdir}/letsencrypt/ssl-dhparams.pem 2048
- fi
-
 else
 # Skipping certbot, so create self-signed certificate
 mkdir --parents /etc/letsencrypt/live/netoik.io
 openssl req -newkey rsa:4096 -nodes -keyout /etc/letsencrypt/live/netoik.io/privkey.pem -x509 -days 365 -out /etc/letsencrypt/live/netoik.io/fullchain.pem -subj "/C=US/ST=State/L=City/O=Organization/OU=Department/CN=netoik.io"
 fi
 
+# Create ssl dh params if not already exists
+if [ ! -f "%{_sysconfdir}/letsencrypt/ssl-dhparams.pem" ]; then
+ openssl dhparam -out %{_sysconfdir}/letsencrypt/ssl-dhparams.pem 2048
+fi
+
 # Restart services
 systemctl daemon-reload
 systemctl reenable nginx.service certbot-renew.timer
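Review bot: Now that the dhparam block also runs on the SKIP_CERTBOT path, it relies on `%{_sysconfdir}/letsencrypt` already existing, and on that path the directory is only created by the hard-coded `mkdir --parents /etc/letsencrypt/live/netoik.io`, so the two agree only while `%{_sysconfdir}` expands to `/etc`. The `-out` argument is unquoted although the `-f` test quotes the same path, and the result of `openssl dhparam` is not checked before the services are restarted, which would presumably leave nginx pointing at a missing or empty file (the nginx configuration is not visible here). I would put `mkdir --parents "%{_sysconfdir}/letsencrypt"` before the block, test with `if [ ! -s "%{_sysconfdir}/letsencrypt/ssl-dhparams.pem" ]; then` so an empty leftover file is regenerated, and run `openssl dhparam -out "%{_sysconfdir}/letsencrypt/ssl-dhparams.pem" 2048 || exit 1`. The scriptlet begins before this hunk and continues after it, so how a non-zero exit is handled there should be confirmed.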