diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
index 469cd5da..7b4f7d29 100644
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -14,4 +14,4 @@ jobs:
         with:
           check_together: 'yes'
         env:
-          SHELLCHECK_OPTS: --shell sh -e SC2153
+          SHELLCHECK_OPTS: --shell sh -e SC1091 -e SC2153
diff --git a/README.md b/README.md
index 5a9ee9fe..4d5e2c6b 100644
--- a/README.md
+++ b/README.md
@@ -9,6 +9,7 @@ running at home or otherwise, including free TLS, without having to know too muc
 
 
 **Note: To fix [this issue](https://github.com/SpiderLabs/ModSecurity/issues/2848), instead of running `nginx -s reload`, this fork stops nginx and starts it again. This can result in a 502 error when you update your hosts. See https://github.com/ZoeyVid/NPMplus/issues/296 and https://github.com/ZoeyVid/NPMplus/issues/283.** <br>
+**Note: Reloading the NPMplus UI can cause a 502 error. See https://github.com/ZoeyVid/NPMplus/issues/241.** <br>
 **Note: NO armv7 support.** <br>
 **Note: add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf` to support PUID/PGID in network mode host.** <br>
 **Note: If you don't use network mode host, which I don't recommend, don't forget to expose port 443 on tcp AND udp (http3/quic needs udp).** <br>
diff --git a/backend/templates/_listen.conf b/backend/templates/_listen.conf
index 0e339618..858615a1 100644
--- a/backend/templates/_listen.conf
+++ b/backend/templates/_listen.conf
@@ -1,3 +1,5 @@
+  listen unix:/run/nginx.sock;
+
   listen 80;
   listen [::]:80;
 
diff --git a/backend/templates/certbot-request.conf b/backend/templates/certbot-request.conf
index 10c4cd0b..54533691 100644
--- a/backend/templates/certbot-request.conf
+++ b/backend/templates/certbot-request.conf
@@ -1,6 +1,8 @@
 {% include "_header_comment.conf" %}
 
 server {
+  listen unix:/run/nginx.sock;
+
   listen 80;
   listen [::]:80;
 
diff --git a/backend/templates/default.conf b/backend/templates/default.conf
index fde8bc5a..88806d06 100644
--- a/backend/templates/default.conf
+++ b/backend/templates/default.conf
@@ -2,6 +2,8 @@
 # Default Site
 # ------------------------------------------------------------
 server {
+  listen unix:/run/nginx.sock default_server;
+
   listen 80 default_server;
   listen [::]:80 default_server;
   
diff --git a/frontend/app-images/logo-text-vertical-grey.png b/frontend/app-images/logo-text-vertical-grey.png
index 76c03176..df90ece6 100644
Binary files a/frontend/app-images/logo-text-vertical-grey.png and b/frontend/app-images/logo-text-vertical-grey.png differ
diff --git a/rootfs/bin/cbr.sh b/rootfs/bin/cbr.sh
new file mode 100755
index 00000000..892c9ef8
--- /dev/null
+++ b/rootfs/bin/cbr.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+while [ "$(healthcheck.sh)" != "OK" ]; do sleep 10s; done
+certbot --logs-dir /tmp/certbot-log --work-dir /tmp/certbot-work --config-dir /data/tls/certbot renew --quiet --config "/data/tls/certbot/config.ini" --preferred-challenges "dns,http" --no-random-sleep-on-renew
diff --git a/rootfs/bin/launch.sh b/rootfs/bin/launch.sh
index 5f744100..48e1c019 100755
--- a/rootfs/bin/launch.sh
+++ b/rootfs/bin/launch.sh
@@ -38,5 +38,6 @@ fi
 
 if [ "$PHP81" = "true" ]; then PHP_INI_SCAN_DIR=/data/php/81/conf.d php-fpm81 -c /data/php/81 -y /data/php/81/php-fpm.conf -FOR; fi &
 if [ "$PHP82" = "true" ]; then PHP_INI_SCAN_DIR=/data/php/82/conf.d php-fpm82 -c /data/php/82 -y /data/php/82/php-fpm.conf -FOR; fi &
+cbr.sh &
 aio.sh &
 index.js
diff --git a/rootfs/bin/start.sh b/rootfs/bin/start.sh
index 2aff09d6..3936ec3c 100755
--- a/rootfs/bin/start.sh
+++ b/rootfs/bin/start.sh
@@ -15,6 +15,10 @@ if [ ! -d /data ]; then
 fi
 
 
+touch /data/.env
+. /data/.env
+
+
 if [ -z "$TZ" ] || ! echo "$TZ" | grep -q "^[A-Za-z/]\+$"; then
     echo "TZ is unset or invalid."
     sleep inf
@@ -138,11 +142,16 @@ if [ "$PGID" != "0" ] && [ "$PUID" = "0" ]; then
 fi
 
 
+if [ "$NC_AIO" = "true" ]; then
+    export DISABLE_HTTP="true"
+fi
+
 if [ "$NPM_LISTEN_LOCALHOST" = "true" ]; then
     export NPM_IPV4_BINDING="127.0.0.1"
     export NPM_IPV6_BINDING="[::1]"
 fi
 
+
 if [ "$PHP81" = "true" ] || [ "$PHP82" = "true" ]; then
     apk add --no-cache fcgi
 fi
diff --git a/rootfs/usr/local/nginx/conf/conf.d/include/default.conf b/rootfs/usr/local/nginx/conf/conf.d/include/default.conf
index 3d11fb0d..100a8d3d 100644
--- a/rootfs/usr/local/nginx/conf/conf.d/include/default.conf
+++ b/rootfs/usr/local/nginx/conf/conf.d/include/default.conf
@@ -2,6 +2,8 @@
 # Default Site
 # ------------------------------------------------------------
 server {
+    listen unix:/run/nginx.sock default_server;
+
     listen 80 default_server;
     listen [::]:80 default_server;
 
diff --git a/rootfs/usr/local/nginx/conf/conf.d/no-server-name.conf b/rootfs/usr/local/nginx/conf/conf.d/no-server-name.conf
index d2c44c6c..67cbbfbc 100644
--- a/rootfs/usr/local/nginx/conf/conf.d/no-server-name.conf
+++ b/rootfs/usr/local/nginx/conf/conf.d/no-server-name.conf
@@ -1,4 +1,6 @@
 server {
+    listen unix:/run/nginx.sock;
+
     listen 80;
     listen [::]:80;