Protect against wedged `nginx` startups

If `nginx` starts up incorrectly, we'll end up waiting a week for it to
start up.  Instead, fail out first.

src/scripts/entrypoint.sh

@@ -15,7 +15,7 @@ auto_enable_configs
 
 # Start up nginx, save PID so we can reload config inside of run_certbot.sh
 nginx -g "daemon off;" &
-export NGINX_PID=$!
+NGINX_PID=$!
 
 # Lastly, run startup scripts
 for f in /scripts/startup/*.sh; do
@@ -28,20 +28,22 @@ echo "Done with startup"
 
 # Instead of trying to run `cron` or something like that, just sleep and run `certbot`.
 while [ true ]; do
-    echo "Run certbot"
-    /scripts/run_certbot.sh
-
-    # Sleep for 1 week
-    sleep 604810 &
-    SLEEP_PID=$!
-
-    # Wait for 1 week sleep or nginx
-    wait -n $SLEEP_PID $NGINX_PID
-
     # Make sure we do not run container empty (without nginx process).
     # If nginx quit for whatever reason then stop the container.
     # Leave the restart decision to the container orchestration.
     if ! jobs | grep --quiet nginx ; then
         exit 1
     fi
+
+    # Run certbot, tell nginx to reload its config
+    echo "Run certbot"
+    /scripts/run_certbot.sh
+    kill -HUP $NGINX_PID
+
+    # Sleep for 1 week
+    sleep 604810 &
+    SLEEP_PID=$!
+
+    # Wait for 1 week sleep or nginx
+    wait -n "$SLEEP_PID" "$NGINX_PID"
 done

src/scripts/run_certbot.sh

@@ -29,8 +29,5 @@ done
 # did indeed get certificates for
 auto_enable_configs
 
-# Finally, tell nginx to reload the configs
-kill -HUP $NGINX_PID
-
 set +x
 exit $exit_code