fix(ssl): deploy nginx-proxy certs atomically with checked copies

[mrrobot47]

Problem

moveCertsToNginxProxy() deployed the freshly-issued cert with three sequential bare copy() calls (key, crt, chain) into services/nginx-proxy/certs/, ignoring every return value and with no temp-file + rename. A failure between copies (disk full, permissions, crash) left nginx-proxy pointing at a mismatched key/cert pair. This runs on both first issuance and renewal (the unattended cron path).

Fix

Copy each source to a temp file in the destination directory (checking copy()), then rename() each into place (checking rename()). rename() is atomic on the same filesystem, so a failed copy can no longer leave a half-written live key/cert. On any failure the temp files are cleaned up and an exception is thrown, rather than silently leaving a partial deploy.

Notes

• The three renames are each atomic per-file but not collectively atomic; the code does not roll back an already-renamed file (a same-filesystem rename failing after a prior success is near-impossible). The comment states this precisely.
• The method stays void and throws on failure: executeRenewal() already wraps the call in try/catch (surfaces as a renewal warning); on first issuance the exception propagates as a loud failure — preferable to the previous silent broken-cert outcome.

Testing

Manual (needs the EE + Docker harness): issue/renew a cert and confirm .key/.crt/.chain.pem deploy together with no .tmp leftovers; make the certs dir unwritable to force a failure and confirm it errors without leaving a mismatched pair.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.