diff --git a/provision/letsencrypt.sh b/provision/letsencrypt.sh
index c073d701..71dc6424 100755
--- a/provision/letsencrypt.sh
+++ b/provision/letsencrypt.sh
@@ -12,6 +12,10 @@ install_letsencrypt()
 {
 tell_status "installing ACME.sh & Let's Encrypt"
 pkg install -y curl socat acme.sh
+
+ if [ ! -d "/root/.acme.sh" ]; then
+ mkdir "/root/.acme.sh"
+ fi
 }
 install_deploy_haproxy()
@@ -468,10 +472,10 @@ install_deploy_scripts()
 update_haproxy_ssld()
 {
- if [ ! -d "$ZFS_DATA_MNT/haproxy" ]; then
- # haproxy not installed, nothing to do
- return
- fi
+ if [ ! -d "$ZFS_DATA_MNT/haproxy" ]; then
+ # haproxy not installed, nothing to do
+ return
+ fi
 local _haconf="$ZFS_DATA_MNT/haproxy/etc/haproxy.conf"
 if ! grep -q 'ssl crt /etc' "$_haconf"; then
@@ -479,7 +483,7 @@ update_haproxy_ssld()
 return
 fi
- tell_status "switching haproxy TLS cert dir to /data/etc/tls.d"
+ tell_status "switching haproxy TLS cert dir to /data/etc/tls.d"
 sed -i.bak \
 -e 's!ssl crt /etc.*!ssl crt /data/etc/tls.d!' \
 "$_haconf"
@@ -493,11 +497,11 @@ configure_letsencrypt()
 local _HTTPDIR="$ZFS_DATA_MNT/webmail/htdocs"
- acme.sh --set-default-ca --server letsencrypt
+ acme.sh --set-default-ca --server letsencrypt
- if acme.sh --issue --force -d "$TOASTER_HOSTNAME" -w "$_HTTPDIR"; then
+ if acme.sh --issue --force -d "$TOASTER_HOSTNAME" -w "$_HTTPDIR"; then
 update_haproxy_ssld
- acme.sh --deploy -d "$TOASTER_HOSTNAME" --deploy-hook mailtoaster
+ acme.sh --deploy -d "$TOASTER_HOSTNAME" --deploy-hook mailtoaster
 else
 tell_status "TLS Certificate Issue failed"
 exit 1
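Review bot: In the first hunk (install_letsencrypt), the new `mkdir "/root/.acme.sh"` takes its permissions from the provisioning shell's umask, and its exit status is not checked. acme.sh by default keeps the ACME account key and the issued certificates' private keys under this directory, so I would set the mode explicitly and stop on failure: `mkdir -m 0700 "/root/.acme.sh" || exit 1`. The `[ ! -d ... ]` guard is also true when the path exists as a regular file or a dangling symlink; mkdir then fails and, unless `set -e` is active outside this hunk, provisioning carries on to the later `acme.sh` calls without the directory. A one-line comment saying why the directory is pre-created (presumably the package does not create it) would help the next reader.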