Move dh.pem generation outside container

01-nginx-setup.sh

@@ -100,9 +100,13 @@ then
     certbot --nginx --non-interactive --agree-tos --no-eff-email -m ${eff_email_address} -d ${domain} \
         --staple-ocsp --hsts --no-redirect --renew-hook 'docker exec --interactive --tty myvemail /bin/ash -c "dovecot reload; postfix reload"'
 
-    # Link certificates
+    # SSL
+    [ -d ./data/ssl/ ] || mkdir -p ./data/ssl
+    # Link certificate and private key
     ln -s /etc/letsencrypt/live/${domain}/fullchain.pem ./data/ssl/tls.pem
     ln -s /etc/letsencrypt/live/${domain}/privkey.pem ./data/ssl/tls.key
+    # dh.pem
+    [ -f ./data/ssl/dh.pem ] || openssl dhparam -out ./data/ssl/dh.pem 4096
 
     # Cleanup
     rm -f ${0}