diff --git a/kubernetes/apps/default/truenas/certs-deploy/truenas-certs-deploy.sh b/kubernetes/apps/default/truenas/certs-deploy/truenas-certs-deploy.sh
index add0ab607..e700e0bec 100644
--- a/kubernetes/apps/default/truenas/certs-deploy/truenas-certs-deploy.sh
+++ b/kubernetes/apps/default/truenas/certs-deploy/truenas-certs-deploy.sh
@@ -8,7 +8,7 @@ cp /opt/id_rsa ~/.ssh/id_rsa
 chmod 600 ~/.ssh/id_rsa
 printf -v truenas_api_key %q "$TRUENAS_API_KEY"
-printf -v cert_deploy_s3_enabled_str %q CERTS_DEPLOY_S3_ENABLED
+printf -v cert_deploy_s3_enabled_str %q "$CERTS_DEPLOY_S3_ENABLED"
 printf -v pushover_api_key_str %q "$PUSHOVER_API_KEY"
 printf -v pushover_user_key_str %q "$PUSHOVER_USER_KEY"
 printf -v secret_domain_str %q "$SECRET_DOMAIN"
@@ -28,17 +28,17 @@ SECRET_DOMAIN=$5
 TARGET=$(hostname)
 DAYS=21
 CERTIFICATE_PATH="${HOME}/letsencrypt/${SECRET_DOMAIN}"
-CONFIG_PATH="${HOME}/scripts"
+SCRIPT_PATH="${HOME}/scripts"
 export CERTS_DEPLOY_API_KEY=$1
-export CERTS_DEPLOY_PRIVATE_KEY_PATH
-export CERTS_DEPLOY_FULLCHAIN_PATH
+export CERTS_DEPLOY_PRIVATE_KEY_PATH=${CERTIFICATE_PATH}/key.pem
+export CERTS_DEPLOY_FULLCHAIN_PATH=${CERTIFICATE_PATH}/fullchain.pem
 export CERTS_DEPLOY_S3_ENABLED=$2
 # Check if cert is older than 69 days
-result=$(find ${CERTIFICATE_PATH}/cert.pem -mtime +69)
+result=$(find ${CERTS_DEPLOY_PRIVATE_KEY_PATH} -mtime +69)
-if [[ "$result" == "${CERTIFICATE_PATH}/cert.pem" ]]; then
+if [[ "$result" == "${CERTS_DEPLOY_PRIVATE_KEY_PATH}" ]]; then
 echo "ERROR - Certificate is older than 69 days"
 echo "ERROR - Verify than it has been renewed by ACME client on opnsense and that the upload automation has been executed"
 curl -s \
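Review bot: The staleness check in the second hunk now runs `find` on `CERTS_DEPLOY_PRIVATE_KEY_PATH`, so it measures the age of key.pem rather than of the certificate, while the comment above it still says "cert". If the renewal or upload automation ever keeps the same private key file, this alerts on a valid certificate; `result=$(find "${CERTS_DEPLOY_FULLCHAIN_PATH}" -mtime +69)` tracks the renewed artefact and quotes the path. A missing file also leaves `result` empty and falls through to the else branch as if the certificate were fresh, so an explicit `[[ -f "${CERTS_DEPLOY_FULLCHAIN_PATH}" ]]` test before the age check would make that case fail closed. `CONFIG_PATH` is renamed to `SCRIPT_PATH` here, and any use of the old name outside this hunk needs the same rename. The `if` block continues outside the hunk.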
@@ -48,8 +48,8 @@ if [[ "$result" == "${CERTIFICATE_PATH}/cert.pem" ]]; then
 https://api.pushover.net/1/messages.json
 else
 echo "checking if $TARGET expires in less than $DAYS days"
- openssl x509 -checkend $(( 24*3600*$DAYS )) -noout -in <(openssl s_client -showcerts -connect $TARGET:443 /dev/null | openssl x509 -outform PEM)
- if [ $? -ne 0 ]; then
+ result=(openssl x509 -checkend $(( 24*3600*$DAYS )) -noout -in <(openssl s_client -showcerts -connect $TARGET:443 /dev/null | openssl x509 -outform PEM))
+ if [ "$result" == "Certificate will expire" ]; then
 echo "INFO - Certificate expires in less than $DAYS days"
 echo "INFO - Deploying new certificate"
 # Deploy certificate (truenas UI & minio)
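Review bot: The added `result=(openssl x509 -checkend ... )` line is a bash array assignment, not a command substitution, so the `-checkend` command is never run and `"$result"` expands to the first array element, the word `openssl`. The comparison with "Certificate will expire" therefore never matches and the deploy branch is unreachable, which would let the served certificate run to expiry with no renewal and no alert. Either keep the exit-status test as `if ! openssl x509 -checkend ...; then`, or capture the output with `result=$(openssl x509 -checkend ...)`; the exit status is a more stable interface than matching openssl's message text. A failed connection to `$TARGET:443` should be detected and reported separately rather than folded into one of the two branches. The if/else block starts and ends outside the hunk.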