diff --git a/entrypoint.sh b/entrypoint.sh
index 252a9b7..981dc27 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -12,11 +12,11 @@ else
 fi
 
 # Try to get a certificate, accept failures
-while [ ! -f /etc/letsencrypt/live/${DOMAIN}/fullchain.pem ]; do
+while [ ! -f "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" ]; do
     certbot certonly --agree-tos --cert-name "${DOMAIN}" \
             --email "$EMAIL" --expand --non-interactive \
             --domain "$DOMAIN" --standalone $STAGING
-    sleep 60
+    sleep 30
 
     # Correct permissions for multi user container/pod deployments
     # if not indicated otherwise
@@ -29,5 +29,11 @@ done
 # Try to renew once per day
 while true; do
     /usr/bin/certbot renew
+
+    # And again, correct permissions if not told otherwise
+    if [ -z "$LEAVE_PERMISSIONS_AS_IS" ]; then
+        find /etc/letsencrypt -type d -exec chmod 0755 {} \;
+        find /etc/letsencrypt -type f -exec chmod 0644 {} \;
+    fi
     sleep 86400
 done