Fix chain cleanup order after fullchain creation

dyntls.sh

@@ -1093,10 +1093,6 @@ _create_cert() {
                 _log "Moving issued certificate to target: $DYNTLS_DOMAIN_TARGET_CERT" 2
                 mv "$out_file_tmp" "$DYNTLS_DOMAIN_TARGET_CERT"
 
-                # Remove temporary file(s)
-                _log "Removing ACME chain file: $DYNTLS_LE_TMP_DIR/$DYNTLS_MEMBER_HOSTNAME.$DYNTLS_PKI_TMP_CHAIN_SUFFIX" 1
-                rm -f "$DYNTLS_LE_TMP_DIR/$DYNTLS_MEMBER_HOSTNAME.$DYNTLS_PKI_TMP_CHAIN_SUFFIX"
-
                 # Create fullchain file choosing correct chain (R12 vs R13)
                 #issuer_CN=$(openssl x509 -noout -issuer -in "$DYNTLS_DOMAIN_TARGET_CERT" | sed -n 's/^issuer=.*CN=//p')
                 #_log "Detected issuer CN for chain selection: $issuer_CN" 1
@@ -1128,6 +1124,10 @@ _create_cert() {
                 chmod 640 "$chain_path" "$fullchain_path"
                 #chmod 640 "$DYNTLS_PKI_HTTP_CERT_DIR"/*.pem*
 
+                # Remove temporary file(s)
+                _log "Removing ACME chain file: $DYNTLS_LE_TMP_DIR/$DYNTLS_MEMBER_HOSTNAME.$DYNTLS_PKI_TMP_CHAIN_SUFFIX" 1
+                rm -f "$DYNTLS_LE_TMP_DIR/$DYNTLS_MEMBER_HOSTNAME.$DYNTLS_PKI_TMP_CHAIN_SUFFIX"
+
                 # Copy or link the server key AFTER cert is issued
                 KeyFile="$DYNTLS_PKI_HTTP_KEY_DIR/$DYNTLS_MEMBER_HOSTNAME.$DYNTLS_PKI_KEY_SUFFIX"
                 _log "Planned server key path: $KeyFile" 1