Create required certificate and chaincache directories outside of sign_domain

dehydrated

@@ -880,15 +880,6 @@ sign_domain() {
     _exiterr "Certificate authority doesn't allow certificate signing"
   fi
 
-  # If there is no existing certificate directory => make it
-  if [[ ! -e "${certdir}" ]]; then
-    echo " + Creating new directory ${certdir} ..."
-    mkdir -p "${certdir}" || _exiterr "Unable to create directory ${certdir}"
-  fi
-  if [ ! -d "${CHAINCACHE}" ]; then
-    echo " + Creating chain cache directory ${CHAINCACHE}"
-    mkdir "${CHAINCACHE}"
-  fi
 
   privkey="privkey.pem"
   # generate a new private key if we need or want one
@@ -1078,6 +1069,11 @@ command_sign_domains() {
   init_system
   [[ -n "${HOOK}" ]] && "${HOOK}" "startup_hook"
 
+  if [ ! -d "${CHAINCACHE}" ]; then
+    echo " + Creating chain cache directory ${CHAINCACHE}"
+    mkdir "${CHAINCACHE}"
+  fi
+
   if [[ -n "${PARAM_DOMAIN:-}" ]]; then
     DOMAINS_TXT="$(_mktemp)"
     if [[ -n "${PARAM_ALIAS:-}" ]]; then
@@ -1123,6 +1119,12 @@ command_sign_domains() {
       echo "Processing ${domain} with alternative names: ${morenames}"
     fi
 
+    # If there is no existing certificate directory => make it
+    if [[ ! -e "${certdir}" ]]; then
+      echo " + Creating new directory ${certdir} ..."
+      mkdir -p "${certdir}" || _exiterr "Unable to create directory ${certdir}"
+    fi
+
     # read cert config
     # for now this loads the certificate specific config in a subshell and parses a diff of set variables.
     # we could just source the config file but i decided to go this way to protect people from accidentally overriding