diff --git a/Dockerfile-arm32v7 b/Dockerfile-arm32v7
index de25a51a3..f239b122a 100644
--- a/Dockerfile-arm32v7
+++ b/Dockerfile-arm32v7
@@ -36,6 +36,7 @@ RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban c
 chmod 750 /var/log/nginx && \
 touch /var/log/nginx/error.log /var/log/nginx/modsec_audit.log && \
 chown nginx:nginx /var/log/nginx/*.log && \
+ mkdir /acme-challenge && \
 chown root:nginx /acme-challenge && \
 chmod 750 /acme-challenge
diff --git a/Dockerfile-arm64v8 b/Dockerfile-arm64v8
index ccd928df0..114ff7e98 100644
--- a/Dockerfile-arm64v8
+++ b/Dockerfile-arm64v8
@@ -36,6 +36,7 @@ RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban c
 chmod 750 /var/log/nginx && \
 touch /var/log/nginx/error.log /var/log/nginx/modsec_audit.log && \
 chown nginx:nginx /var/log/nginx/*.log && \
+ mkdir /acme-challenge && \
 chown root:nginx /acme-challenge && \
 chmod 750 /acme-challenge
diff --git a/Dockerfile-i386 b/Dockerfile-i386
index 1ccff0672..b0207c785 100644
--- a/Dockerfile-i386
+++ b/Dockerfile-i386
@@ -29,6 +29,7 @@ RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban c
 chmod 750 /var/log/nginx && \
 touch /var/log/nginx/error.log /var/log/nginx/modsec_audit.log && \
 chown nginx:nginx /var/log/nginx/*.log && \
+ mkdir /acme-challenge && \
 chown root:nginx /acme-challenge && \
 chmod 750 /acme-challenge
diff --git a/confs/site/lets-encrypt-webroot.conf b/confs/site/lets-encrypt-webroot.conf
index a5b14a949..5b8e707ea 100644
--- a/confs/site/lets-encrypt-webroot.conf
+++ b/confs/site/lets-encrypt-webroot.conf
@@ -1,3 +1,3 @@
-location ^~ ^/.well-known/acme-challenge/ {
+location ~ ^/.well-known/acme-challenge/ {
 root /acme-challenge;
 }
diff --git a/entrypoint/site-config.sh b/entrypoint/site-config.sh
index 41968a731..a89a345ee 100644
--- a/entrypoint/site-config.sh
+++ b/entrypoint/site-config.sh
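Review bot: In confs/site/lets-encrypt-webroot.conf the new `location ~ ^/.well-known/acme-challenge/` is a regex location, so whether it is selected depends on its position relative to the other regex locations in the same server block, and the unescaped `.` before `well-known` matches any character. The removed line only failed because of the stray `^` inside a prefix string; `location ^~ /.well-known/acme-challenge/ {` keeps the prefix match and stops the regex search, so a regex rule included elsewhere (a deny or proxy block, for instance) cannot capture the challenge path, and this block cannot shadow one. If the regex form is kept, escape the dot: `location ~ ^/\.well-known/acme-challenge/ {`.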
@@ -22,9 +22,6 @@ if [ "$MULTISITE" = "yes" ] ; then
 ROOT_FOLDER="${ROOT_FOLDER}/$1"
 fi
-# generate Let's Encrypt certificate before copying configs
-# in case we are in autoconf mode and nginx is already running
-
 # copy stub confs
 if [ "$MULTISITE" = "yes" ] ; then
 mkdir "$NGINX_PREFIX"
diff --git a/scripts/abusers.sh b/scripts/abusers.sh
index 1f40ebe4d..bcf389568 100755
--- a/scripts/abusers.sh
+++ b/scripts/abusers.sh
@@ -10,5 +10,5 @@ while read entry ; do
 done
 cp /etc/nginx/block-abusers.conf /cache
 if [ -f /tmp/nginx.pid ] ; then
- /usr/sbin/nginx -s reload
+ /usr/sbin/nginx -s reload > /dev/null 2>&1
 fi
diff --git a/scripts/certbot-renew.sh b/scripts/certbot-renew.sh
index 2176d1874..dc596c758 100644
--- a/scripts/certbot-renew.sh
+++ b/scripts/certbot-renew.sh
@@ -10,5 +10,5 @@ find /etc/letsencrypt -type d -exec chmod 750 {} \;
 # reload nginx
 if [ -f /tmp/nginx.pid ] ; then
- /usr/sbin/nginx -s reload
+ /usr/sbin/nginx -s reload > /dev/null 2>&1
 fi
diff --git a/scripts/exit-nodes.sh b/scripts/exit-nodes.sh
index 91f60c49e..9ea575f3b 100644
--- a/scripts/exit-nodes.sh
+++ b/scripts/exit-nodes.sh
@@ -10,5 +10,5 @@ while read entry ; do
 done
 cp /etc/nginx/block-tor-exit-node.conf /cache
 if [ -f /tmp/nginx.pid ] ; then
- /usr/sbin/nginx -s reload
+ /usr/sbin/nginx -s reload > /dev/null 2>&1
 fi
diff --git a/scripts/geoip.sh b/scripts/geoip.sh
index f8c29b59b..10006805a 100644
--- a/scripts/geoip.sh
+++ b/scripts/geoip.sh
@@ -7,6 +7,6 @@ if [ -f /etc/nginx/geoip.mmdb.gz ] ; then
 gunzip -f /etc/nginx/geoip.mmdb.gz
 cp /etc/nginx/geoip.mmdb /cache
 if [ -f /tmp/nginx.pid ] ; then
- /usr/sbin/nginx -s reload
+ /usr/sbin/nginx -s reload > /dev/null 2>&1
 fi
 fi
diff --git a/scripts/logrotate.sh b/scripts/logrotate.sh
index 0730d4c01..0a6eb843c 100644
--- a/scripts/logrotate.sh
+++ b/scripts/logrotate.sh
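Review bot: In scripts/abusers.sh the added `> /dev/null 2>&1` discards stderr as well as stdout, so a reload that nginx rejects (for example because the freshly generated blocklist does not parse) now fails silently and the previous rules or certificate stay in service with no trace. Keep the output quiet but act on the exit status, e.g. `if ! /usr/sbin/nginx -s reload > /dev/null 2>&1 ; then echo "nginx reload failed" >&2 ; fi`. The same applies to the identical change in certbot-renew.sh, exit-nodes.sh, geoip.sh, logrotate.sh, proxies.sh, referrers.sh and user-agents.sh.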
@@ -7,5 +7,5 @@ pkill -HUP rsyslogd
 fail2ban-client flushlogs
 if [ -f /tmp/nginx.pid ] ; then
- /usr/sbin/nginx -s reload
+ /usr/sbin/nginx -s reload > /dev/null 2>&1
 fi
diff --git a/scripts/proxies.sh b/scripts/proxies.sh
index d5d551be9..1d3dc9f56 100755
--- a/scripts/proxies.sh
+++ b/scripts/proxies.sh
@@ -10,5 +10,5 @@ while read entry ; do
 done
 cp /etc/nginx/block-proxies.conf /cache
 if [ -f /tmp/nginx.pid ] ; then
- /usr/sbin/nginx -s reload
+ /usr/sbin/nginx -s reload > /dev/null 2>&1
 fi
diff --git a/scripts/referrers.sh b/scripts/referrers.sh
index a49b987f7..6f4359f98 100755
--- a/scripts/referrers.sh
+++ b/scripts/referrers.sh
@@ -11,5 +11,5 @@ echo -e "map \$http_referer \$bad_referrer { hostnames; default no; $DATA }" > /
 cp /etc/nginx/map-referrer.conf /cache
 if [ -f /tmp/nginx.pid ] ; then
- /usr/sbin/nginx -s reload
+ /usr/sbin/nginx -s reload > /dev/null 2>&1
 fi
diff --git a/scripts/user-agents.sh b/scripts/user-agents.sh
index 17b5fd516..097c64833 100755
--- a/scripts/user-agents.sh
+++ b/scripts/user-agents.sh
@@ -13,5 +13,5 @@ echo -e "map \$http_user_agent \$bad_user_agent { default no; $DATA_ESCAPED }" >
 cp /etc/nginx/map-user-agent.conf /cache
 if [ -f /tmp/nginx.pid ] ; then
- /usr/sbin/nginx -s reload
+ /usr/sbin/nginx -s reload > /dev/null 2>&1
 fi