diff --git a/01-nginx-setup.sh b/01-nginx-setup.sh
index 9ac3a28..26ea644 100755
--- a/01-nginx-setup.sh
+++ b/01-nginx-setup.sh
@@ -100,9 +100,13 @@ then
 certbot --nginx --non-interactive --agree-tos --no-eff-email -m ${eff_email_address} -d ${domain} \
 --staple-ocsp --hsts --no-redirect --renew-hook 'docker exec --interactive --tty myvemail /bin/ash -c "dovecot reload; postfix reload"'
-# Link certificates
+# SSL
+[ -d ./data/ssl/ ] || mkdir -p ./data/ssl
+# Link certificate and private key
 ln -s /etc/letsencrypt/live/${domain}/fullchain.pem ./data/ssl/tls.pem
 ln -s /etc/letsencrypt/live/${domain}/privkey.pem ./data/ssl/tls.key
+# dh.pem
+[ -f ./data/ssl/dh.pem ] || openssl dhparam -out ./data/ssl/dh.pem 4096
 # Cleanup
 rm -f ${0}
diff --git a/build/run/docker-entrypoint/init.d/10-ssl.sh b/build/run/docker-entrypoint/init.d/10-ssl.sh
index 54bc0e9..aa9ae9e 100755
--- a/build/run/docker-entrypoint/init.d/10-ssl.sh
+++ b/build/run/docker-entrypoint/init.d/10-ssl.sh
@@ -1,22 +1,9 @@
 #!/usr/bin/env bash
-# Generate ssl keys
-if [ ! -f /etc/ssl/dovecot/tls.pem ] || [ ! -f /etc/ssl/dovecot/tls.key ]
+# Check if keys exist
+if [ ! -f /etc/ssl/dovecot/tls.pem ] || [ ! -f /etc/ssl/dovecot/tls.key ] || [ ! -f /etc/ssl/dovecot/dh.pem ]
 then
 exit 1
-# mkdir -p /etc/ssl/dovecot/
-# openssl req \
-# -x509 \
-# -newkey rsa:4096 \
-# -sha512 \
-# -nodes \
-# -keyout /etc/ssl/dovecot/tls.key \
-# -out /etc/ssl/dovecot/tls.pem \
-# -subj "/CN=${MYVEMAIL_SUBDOMAIN}.${MYVEMAIL_DOMAIN}" \
-# -days 3650
 fi
-# dh.pem
-[ -f /etc/ssl/dovecot/dh.pem ] || openssl dhparam -out /etc/ssl/dovecot/dh.pem 4096
-
 # Permissions
 setfacl -R -m u:${MYVEMAIL_NGINX_USERGROUP}:rx /etc/ssl/dovecot/
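Review bot: The new directory guard is redundant and the symlink lines it protects are still not re-run safe: `mkdir -p` already succeeds on an existing directory, while the two `ln -s` lines that follow fail with "File exists" if ./data/ssl/tls.pem or tls.key is already present, and `${domain}` is unquoted in the link targets. I would collapse the guard to `mkdir -p ./data/ssl` and write the links as `ln -sf "/etc/letsencrypt/live/${domain}/fullchain.pem" ./data/ssl/tls.pem` and `ln -sf "/etc/letsencrypt/live/${domain}/privkey.pem" ./data/ssl/tls.key`. It is also worth a comment on the `openssl dhparam` line that a 4096-bit parameter generation can take many minutes and that dh.pem holds public parameters, so the existing-file skip is safe to keep. The enclosing `if`/`then` block starts before this hunk.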
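Review bot: The `exit 1` inside the new `if` still produces no diagnostic, and since this change removes the automatic dh.pem generation, a container started without a host-provided dh.pem (or with tls.pem/tls.key symlinks that do not resolve inside the container, which `-f` also reports as missing) now fails silently at init. I would add one line before the exit, `echo "10-ssl.sh: missing /etc/ssl/dovecot/tls.pem, tls.key or dh.pem" >&2`, and extend the `# Check if keys exist` comment to say that all three files must be supplied by the host setup script and that symlinks must resolve inside the container. Quoting `"${MYVEMAIL_NGINX_USERGROUP}"` in the unchanged `setfacl` line would be a small follow-up.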