diff --git a/service/letsencrypt/container/run-hook b/service/letsencrypt/container/run-hook
index 91f8b2d..287b1d9 100755
--- a/service/letsencrypt/container/run-hook
+++ b/service/letsencrypt/container/run-hook
@@ -2,8 +2,7 @@
 set -eu
-# Copy certificates to dedicated directories.
-for dir in "/var/lib/letsencrypt-certificates" "/var/lib/letsencrypt-certificate-$CERT_DOMAIN"; do
- install --owner letsencrypt --group letsencrypt --mode 0644 "$LEGO_CERT_PATH" "$dir"
- install --owner letsencrypt --group letsencrypt --mode 0640 "$LEGO_CERT_KEY_PATH" "$dir"
-done
+# Copy certificates to dedicated directory.
+install --owner letsencrypt --group letsencrypt --mode 0755 -d "/var/lib/letsencrypt-certificates/$LEGO_CERT_DOMAIN"
+install --owner letsencrypt --group letsencrypt --mode 0644 "$LEGO_CERT_PATH" "/var/lib/letsencrypt-certificates/$LEGO_CERT_DOMAIN/cert.pem"
+install --owner letsencrypt --group letsencrypt --mode 0640 "$LEGO_CERT_KEY_PATH" "/var/lib/letsencrypt-certificates/$LEGO_CERT_DOMAIN/cert.key"
diff --git a/service/letsencrypt/container/run-lego b/service/letsencrypt/container/run-lego
index 3254004..cd03735 100755
--- a/service/letsencrypt/container/run-lego
+++ b/service/letsencrypt/container/run-lego
@@ -2,7 +2,8 @@
 set -eu
-# Correct permissions where needed.
+# Create directories and correct permissions where needed.
+install --owner letsencrypt --group letsencrypt --mode 0755 -d /var/lib/letsencrypt-certificates
 chown -R letsencrypt:letsencrypt /var/lib/letsencrypt
 # Run ACME verification with parameters given.
diff --git a/service/letsencrypt/systemd/letsencrypt-dns-register@.service b/service/letsencrypt/systemd/letsencrypt-dns-register@.service
index aa1a798..ffbe820 100644
--- a/service/letsencrypt/systemd/letsencrypt-dns-register@.service
+++ b/service/letsencrypt/systemd/letsencrypt-dns-register@.service
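Review bot: The three added `install` lines in run-hook build their destination from `$LEGO_CERT_DOMAIN`, and `set -eu` stops the hook only when that variable is unset, not when it is empty; an empty value would write `cert.pem` and `cert.key` straight into the shared root `/var/lib/letsencrypt-certificates/`. A guard such as `: "${LEGO_CERT_DOMAIN:?}"` ahead of the first `install` makes the hook fail instead. The per-domain directory is created `0755` while the key is `0640`, and every domain's key sits under the one shared volume, so it is worth checking whether `--mode 0750` on the directory would still work for the consumers, which are not visible in this diff.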
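Review bot: Nothing in this commit removes the copies the old hook wrote, so on a host that ran the previous version the flat certificate and key files in the root of `/var/lib/letsencrypt-certificates`, and the `letsencrypt-certificate-%i` volumes that the units no longer mount, presumably keep private keys that are never renewed again. The added `install -d` line in run-lego is where the shared directory is prepared on every run, so a comment there would help, e.g. `# Old flat-layout files in this directory are no longer refreshed; remove them once consumers read <domain>/cert.pem and <domain>/cert.key.` Whether the consumers were switched to the new paths is not visible in this diff.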
@@ -12,7 +12,6 @@ ExecStart=/bin/podman run --replace --rm --name letsencrypt-register-%i \
 --env-file %E/coreos-home-server/letsencrypt/letsencrypt.env \
 --volume letsencrypt:/var/lib/letsencrypt:z \
 --volume letsencrypt-certificates:/var/lib/letsencrypt-certificates:z \
- --volume "letsencrypt-certificate-%i:/var/lib/letsencrypt-certificate-%i:z" \
 localhost/letsencrypt:latest \
 --accept-tos --pem --path /var/lib/letsencrypt --domains "%i" \
 --server ${ACME_SERVER} --email ${ACME_EMAIL} --dns ${ACME_DNS_PROVIDER} run \
diff --git a/service/letsencrypt/systemd/letsencrypt-dns-renew@.service b/service/letsencrypt/systemd/letsencrypt-dns-renew@.service
index 4bbc6e2..341b137 100644
--- a/service/letsencrypt/systemd/letsencrypt-dns-renew@.service
+++ b/service/letsencrypt/systemd/letsencrypt-dns-renew@.service
@@ -11,7 +11,6 @@ ExecStart=/bin/podman run --replace --rm --name letsencrypt-renew-%i \
 --env-file %E/coreos-home-server/letsencrypt/letsencrypt.env \
 --volume letsencrypt:/var/lib/letsencrypt:z \
 --volume letsencrypt-certificates:/var/lib/letsencrypt-certificates:z \
- --volume "letsencrypt-certificate-%i:/var/lib/letsencrypt-certificate-%i:z" \
 localhost/letsencrypt:latest \
 --pem --path /var/lib/letsencrypt --domains "%i" \
 --server ${ACME_SERVER} --email ${ACME_EMAIL} --dns ${ACME_DNS_PROVIDER} renew \