diff --git a/src/acme2.js b/src/acme2.js
index d251e40a9..c8b5f2162 100644
--- a/src/acme2.js
+++ b/src/acme2.js
@@ -347,7 +347,7 @@ Acme2.prototype.prepareHttpChallenge = async function (hostname, domain, authori
 
     debug('prepareHttpChallenge: writing %s to %s', keyAuthorization, path.join(acmeChallengesDir, challenge.token));
 
-    if (!fs.writeFileSync(path.join(acmeChallengesDir, challenge.token), keyAuthorization)) throw new BoxError(BoxError.FS_ERROR, safe.error);
+    if (!safe.fs.writeFileSync(path.join(acmeChallengesDir, challenge.token), keyAuthorization)) throw new BoxError(BoxError.FS_ERROR, `Error writing challenge: ${safe.error.message}`);
 
     return challenge;
 };
@@ -360,7 +360,7 @@ Acme2.prototype.cleanupHttpChallenge = async function (hostname, domain, challen
 
     debug('cleanupHttpChallenge: unlinking %s', path.join(acmeChallengesDir, challenge.token));
 
-    await fs.promises.unlink(path.join(acmeChallengesDir, challenge.token));
+    if (!safe.fs.unlinkSync(path.join(acmeChallengesDir, challenge.token))) throw new BoxError(BoxError.FS_ERROR, `Error unlinking challenge: ${safe.error.message}`);
 };
 
 function getChallengeSubdomain(hostname, domain) {
diff --git a/src/reverseproxy.js b/src/reverseproxy.js
index 9b24ecf88..d878e1018 100644
--- a/src/reverseproxy.js
+++ b/src/reverseproxy.js
@@ -101,7 +101,7 @@ function getExpiryDate(certFilePath) {
 
     if (!fs.existsSync(certFilePath)) return null; // not found
 
-    const result = safe.child_process.spawnSync('/usr/bin/openssl', [ 'x509', '-enddate', '-noout', certFilePath ]);
+    const result = safe.child_process.spawnSync('/usr/bin/openssl', [ 'x509', '-enddate', '-noout', '-in', certFilePath ]);
     if (!result) return null; // some error
 
     const notAfter = result.stdout.toString('utf8').trim().split('=')[1];