diff --git a/tasks/dns-challenge.yml b/tasks/dns-challenge.yml
index 77b42957b53fc18dc2d414e4f56c272cdcfbc16d..81f08673d11d150520ece742568f26338eecf2c6 100644
--- a/tasks/dns-challenge.yml
+++ b/tasks/dns-challenge.yml
@@ -38,6 +38,13 @@
     - /etc/letsencrypt/renewal-hooks/deploy
   become: true
 
+- name: Render deploy hook script
+  ansible.builtin.template:
+    src: templates/renew-hook.sh.j2
+    dest: /etc/letsencrypt/renewal-hooks/deploy/create-fullchain.sh
+    mode: '0755'
+  become: true
+
 - name: Request Cert If Necessary - DNS Challenge
   when: not lecert.stat.exists
   become: true
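Review bot: The hook path `/etc/letsencrypt/renewal-hooks/deploy/create-fullchain.sh` is spelled out literally in `dest` here, again in the lego command line in the next hunk, and a third time in `templates/dns-challenge.service.j2`. If one copy drifts, lego is pointed at a script that does not exist. A single role variable used in all three places would keep them in sync (the name is yours to pick). Because the script is run by the renewal service, I would also pin ownership next to `mode: '0755'` with `owner: root` and `group: root` rather than rely on the `become` default.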
@@ -47,7 +54,7 @@
         lego -a --dns {{ certbot_dns_provider }}
         --email {{ certbot_admin_email }} -d {{ lego_dflag }}
         --path {{ certbot_live_dir }}
-        run --no-bundle
+        run --no-bundle --renew-hook /etc/letsencrypt/renewal-hooks/deploy/create-fullchain.sh
       environment: "{{ dns_provider_auth_env_variables }}"
       register: lego
       changed_when: lego.rc == 0
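Review bot: `--renew-hook` is passed to lego's `run` subcommand here. As far as I know lego defines that flag for `renew` only and gives `run` a separate `--run-hook`, so please check `lego run --help` on the pinned lego version. If the flag is rejected, first issuance fails. If it is accepted but ignored, `fullchain.pem` is not built until the first real renewal. The likely fix is `run --no-bundle --run-hook /etc/letsencrypt/renewal-hooks/deploy/create-fullchain.sh`. The task this command belongs to starts above the hunk, so I cannot see how the command string is folded or whether a later task builds the chain.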
diff --git a/templates/dns-challenge.service.j2 b/templates/dns-challenge.service.j2
index a0dfb72d9de06dc4c0ed302852a4c1a331672be8..107dbe91e385459eb1ba05a7154e1369882de0b7 100644
--- a/templates/dns-challenge.service.j2
+++ b/templates/dns-challenge.service.j2
@@ -5,10 +5,8 @@ Description=LEGO DNS challenge
 
 [Service]
 Type=oneshot
-ExecStart=/usr/bin/lego -a --dns {{ certbot_dns_provider }} --email {{ certbot_admin_email }} -d {{ lego_dflag }} --path {{ certbot_live_dir }} renew --no-bundle
+ExecStart=/usr/bin/lego -a --dns {{ certbot_dns_provider }} --email {{ certbot_admin_email }} -d {{ lego_dflag }} --path {{ certbot_live_dir }} renew --no-bundle --renew-hook /etc/letsencrypt/renewal-hooks/deploy/create-fullchain.sh
 ExecStartPost=cp {{ certbot_live_dir }}/certificates/{{ certbot_fqdn_first }}.crt {{ certbot_live_dir }}/cert.pem
 ExecStartPost=cp {{ certbot_live_dir }}/certificates/{{ certbot_fqdn_first }}.key {{ certbot_live_dir }}/privkey.pem
-ExecStartPost=cat {{ certbot_live_dir }}/certificates/{{ certbot_fqdn_first }}.crt >> {{ certbot_live_dir }}/fullchain.pem
-ExecStartPost=cat {{ certbot_live_dir }}/certificates/{{ certbot_fqdn_first }}.issuer.crt >> {{ certbot_live_dir }}/fullchain.pem
 {{ "ExecStartPost=/etc/letsencrypt/renewal-hooks/deploy/" + certbot_application if certbot_application is defined else "" }}
 EnvironmentFile=/etc/default/dns-challenge.env
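Review bot: `cert.pem` and `privkey.pem` are still refreshed by the two `ExecStartPost=cp` lines on every timer run, while `fullchain.pem` is now rebuilt only when lego fires the renew hook. The three files are therefore updated by two different mechanisms, and a failing hook could leave `fullchain.pem` out of step with `privkey.pem`. Consider moving both `cp` steps into the hook script so the set changes together. Whether lego fails the unit when the hook exits non-zero is not visible from this diff and is worth confirming.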
diff --git a/templates/renew-hook.sh.j2 b/templates/renew-hook.sh.j2
new file mode 100644
index 0000000000000000000000000000000000000000..820e87a1721bd09017a9278c96560789f5f05e0a
--- /dev/null
+++ b/templates/renew-hook.sh.j2
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+cat {{ certbot_live_dir }}/certificates/{{ certbot_fqdn_first }}.crt >> {{ certbot_live_dir }}/fullchain.pem
+cat {{ certbot_live_dir }}/certificates/{{ certbot_fqdn_first }}.issuer.crt >> {{ certbot_live_dir }}/fullchain.pem
\ No newline at end of file
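Review bot: Both `cat` lines append with `>>`, so every renewal adds the new certificate and issuer after the existing contents of `fullchain.pem`. The file keeps growing and its first certificate stays the oldest one, which is the one a TLS server presents as the leaf. The script also has no `set -e`, so the second `cat` still runs if the first fails, and the templated paths are unquoted. I would build the chain in a scratch file with a truncating redirect and rename it into place, as below. The file should also end with a newline.

```shell
#!/usr/bin/env bash
set -euo pipefail

live_dir="{{ certbot_live_dir }}"
cert="${live_dir}/certificates/{{ certbot_fqdn_first }}.crt"
issuer="${live_dir}/certificates/{{ certbot_fqdn_first }}.issuer.crt"

# Write leaf + issuer to a scratch file, then rename, so readers never
# see a partial chain and old certificates are not carried over.
cat "$cert" "$issuer" > "${live_dir}/fullchain.pem.new"
mv -f "${live_dir}/fullchain.pem.new" "${live_dir}/fullchain.pem"
```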