From c140d98366e747105861d03f954702c03a0143da Mon Sep 17 00:00:00 2001
From: Daniel Micay <daniel.micay@grapheneos.org>
Date: Tue, 27 May 2025 14:13:39 -0400
Subject: [PATCH] clean up old files for dnsdist

---
 certbot/0.ns1.grapheneos.org | 2 +-
 certbot/0.ns2.grapheneos.org | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/certbot/0.ns1.grapheneos.org b/certbot/0.ns1.grapheneos.org
index f4e2998..2e1372d 100644
--- a/certbot/0.ns1.grapheneos.org
+++ b/certbot/0.ns1.grapheneos.org
@@ -1,6 +1,6 @@
 certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
     --key-type ecdsa --reuse-key --preferred-profile tlsserver \
-    --deploy-hook "nginx -s reload; rsync -rLvc --chmod=D750,F640 --chown root:dnsdist /etc/letsencrypt/live/ /etc/letsencrypt/dnsdist/; dnsdist -c -e 'reloadAllCertificates()'" \
+    --deploy-hook "nginx -s reload; rsync -rLvc --delete --chmod=D750,F640 --chown root:dnsdist /etc/letsencrypt/live/ /etc/letsencrypt/dnsdist/; dnsdist -c -e 'reloadAllCertificates()'" \
     --cert-name ns1.grapheneos.org \
     -d ns1.grapheneos.org \
     -d ns1.attestation.app \
diff --git a/certbot/0.ns2.grapheneos.org b/certbot/0.ns2.grapheneos.org
index 4b64eda..ecdd636 100644
--- a/certbot/0.ns2.grapheneos.org
+++ b/certbot/0.ns2.grapheneos.org
@@ -1,6 +1,6 @@
 certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
     --key-type ecdsa --reuse-key --preferred-profile tlsserver \
-    --deploy-hook "nginx -s reload; rsync -rLvc --chmod=D750,F640 --chown root:dnsdist /etc/letsencrypt/live/ /etc/letsencrypt/dnsdist/; dnsdist -c -e 'reloadAllCertificates()'" \
+    --deploy-hook "nginx -s reload; rsync -rLvc --delete --chmod=D750,F640 --chown root:dnsdist /etc/letsencrypt/live/ /etc/letsencrypt/dnsdist/; dnsdist -c -e 'reloadAllCertificates()'" \
     --cert-name ns2.grapheneos.org \
     -d ns2.grapheneos.org \
     -d ns2.attestation.app \