diff --git a/confs/global/nginx-temp.conf b/confs/global/nginx-temp.conf
index 917c779..09ed438 100644
--- a/confs/global/nginx-temp.conf
+++ b/confs/global/nginx-temp.conf
@@ -15,7 +15,8 @@ http {
 	fastcgi_temp_path /tmp/fastcgi_temp;
 	uwsgi_temp_path /tmp/uwsgi_temp;
 	scgi_temp_path /tmp/scgi_temp;
-	lua_package_path "/usr/local/lib/lua/?.lua;;";
+	lua_package_path "/opt/bunkerized-nginx/lua/?.lua;/opt/bunkerized-nginx/plugins/?.lua;/opt/bunkerized-nginx/deps/lib/lua/?.lua;;";
+	lua_package_cpath "/opt/bunkerized-nginx/deps/lib/?.so;/opt/bunkerized-nginx/deps/lib/lua/?.so;;";
 	server {
 		listen 0.0.0.0:%HTTP_PORT% default_server;
 		server_name _;
diff --git a/entrypoint/jobs.sh b/entrypoint/jobs.sh
index d6c4498..14e8cc5 100644
--- a/entrypoint/jobs.sh
+++ b/entrypoint/jobs.sh
@@ -19,7 +19,7 @@ if [ "$files" != "" ] ; then
 		SELF_SIGNED_SSL_ORG="$(sed -nE 's/^SELF_SIGNED_SSL_ORG=(.*)$/\1/p' $file)"
 		SELF_SIGNED_SSL_OU="$(sed -nE 's/^SELF_SIGNED_SSL_OU=(.*)$/\1/p' $file)"
 		SELF_SIGNED_SSL_CN="$(sed -nE 's/^SELF_SIGNED_SSL_CN=(.*)$/\1/p' $file)"
-		/opt/bunkerized-nginx/jobs/main.py --name self-signed-cert --dst_cert "${dest}self-cert.pem" --dst_key "${dest}self-key.pem" --days "$SELF_SIGNED_SSL_EXPIRY" --subj "/C=$SELF_SIGNED_SSL_COUNTRY/ST=$SELF_SIGNED_SSL_STATE/L=$SELF_SIGNED_SSL_CITY/O=$SELF_SIGNED_SSL_ORG/OU=$SELF_SIGNED_SSL_OU/CN=$SELF_SIGNED_SSL_CN"
+		/opt/bunkerized-nginx/jobs/main.py --name self-signed-cert --dst_cert "${dest}self-cert.pem" --dst_key "${dest}self-key.pem" --expiry "$SELF_SIGNED_SSL_EXPIRY" --subj "/C=$SELF_SIGNED_SSL_COUNTRY/ST=$SELF_SIGNED_SSL_STATE/L=$SELF_SIGNED_SSL_CITY/O=$SELF_SIGNED_SSL_ORG/OU=$SELF_SIGNED_SSL_OU/CN=$SELF_SIGNED_SSL_CN"
 		if [ $? -eq 0 ] ; then
 			echo "[*] Generated self-signed certificate ${dest}self-cert.pem with key ${dest}self-key.pem"
 		else
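Review bot: The new lua_package_path lists /opt/bunkerized-nginx/plugins/?.lua before /opt/bunkerized-nginx/deps/lib/lua/?.lua, and Lua's `require` takes the first template that matches, so a plugin file carrying the same module name as a bundled dependency is what gets loaded instead of the dependency. If plugins are meant to be able to override deps, a comment on the directive should say so; otherwise the deps entry belongs before the plugins entry. Since the plugins directory is now a code search path for every worker, the deployment docs should also state who may write to it, because any .lua file placed there runs with the worker's privileges. A comment such as `# require() search order: core lua, then plugins, then bundled deps - the plugins dir must not be writable by the worker user` would record both points next to the directive.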
@@ -37,7 +37,7 @@ if [ "$(has_value AUTO_LETS_ENCRYPT yes)" != "" ] || [ "$(has_value GENERATE_SEL
 	SELF_SIGNED_SSL_ORG="Your Company, Inc."
 	SELF_SIGNED_SSL_OU="IT"
 	SELF_SIGNED_SSL_CN="www.yourdomain.com"
-	/opt/bunkerized-nginx/jobs/main.py --name self-signed-cert --dst_cert "/etc/nginx/default-cert.pem" --dst_key "/etc/nginx/default-key.pem" --days "$SELF_SIGNED_SSL_EXPIRY" --subj "/C=$SELF_SIGNED_SSL_COUNTRY/ST=$SELF_SIGNED_SSL_STATE/L=$SELF_SIGNED_SSL_CITY/O=$SELF_SIGNED_SSL_ORG/OU=$SELF_SIGNED_SSL_OU/CN=$SELF_SIGNED_SSL_CN"
+	/opt/bunkerized-nginx/jobs/main.py --name self-signed-cert --dst_cert "/etc/nginx/default-cert.pem" --dst_key "/etc/nginx/default-key.pem" --expiry "$SELF_SIGNED_SSL_EXPIRY" --subj "/C=$SELF_SIGNED_SSL_COUNTRY/ST=$SELF_SIGNED_SSL_STATE/L=$SELF_SIGNED_SSL_CITY/O=$SELF_SIGNED_SSL_ORG/OU=$SELF_SIGNED_SSL_OU/CN=$SELF_SIGNED_SSL_CN"
 	if [ $? -eq 0 ] ; then
 		echo "[*] Generated self-signed certificate for default server"
 	else
@@ -55,10 +55,15 @@ if [ "$files" != "" ] ; then
 		SERVER_NAME="$(sed -nE 's/^SERVER_NAME=(.*)$/\1/p' $file)"
 		FIRST_SERVER="$(echo $SERVER_NAME | cut -d ' ' -f 1)"
 		EMAIL_LETS_ENCRYPT="$(sed -nE 's/^EMAIL_LETS_ENCRYPT=(.*)$/\1/p' $file)"
+		USE_STAGING="$(grep "^USE_LETS_ENCRYPT_STAGING=yes$" $file)"
 		if [ "$EMAIL_LETS_ENCRYPT" = "" ] ; then
 			EMAIL_LETS_ENCRYPT="contact@${FIRST_SERVER}"
 		fi
-		/opt/bunkerized-nginx/jobs/main.py --name certbot-new --domain "$(echo -n $SERVER_NAME | sed 's/ /,/g')" --email "$EMAIL_LETS_ENCRYPT"
+		if [ "$USE_STAGING" = "" ] ; then
+			/opt/bunkerized-nginx/jobs/main.py --name certbot-new --domain "$(echo -n $SERVER_NAME | sed 's/ /,/g')" --email "$EMAIL_LETS_ENCRYPT"
+		else
+			/opt/bunkerized-nginx/jobs/main.py --name certbot-new --domain "$(echo -n $SERVER_NAME | sed 's/ /,/g')" --email "$EMAIL_LETS_ENCRYPT" --staging
+		fi
 		if [ $? -eq 0 ] ; then
 			echo "[*] Certbot new successfully executed for domain(s) $(echo -n $SERVER_NAME | sed 's/ /,/g')"
 		else
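Review bot: The two certbot-new invocations inside the new `if [ "$USE_STAGING" = "" ]` block differ only by the trailing `--staging`, so a long command line is now duplicated and the two copies will drift the next time an option is added; build the optional argument once and call main.py once: `staging_arg=""`, `if [ "$USE_STAGING" != "" ] ; then staging_arg="--staging" ; fi`, then `... --email "$EMAIL_LETS_ENCRYPT" $staging_arg` (left unquoted on purpose so an empty value contributes no argument). The success message that follows does not say that the certificate came from the staging environment, so an operator reading the log cannot tell a test certificate from a production one; appending ` (staging)` to the echo when `$USE_STAGING` is non-empty would make that visible. The loop body this hunk belongs to starts and ends outside the hunk.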
diff --git a/jobs/CertbotNew.py b/jobs/CertbotNew.py
index bc2505f..11f573d 100644
--- a/jobs/CertbotNew.py
+++ b/jobs/CertbotNew.py
@@ -2,8 +2,10 @@ from Job import Job
 
 class CertbotNew(Job) :
 
-	def __init__(self, redis_host=None, copy_cache=False, domain="", email="") :
+	def __init__(self, redis_host=None, copy_cache=False, domain="", email="", staging=False) :
 		name = "certbot-new"
 		data = ["certbot", "certonly", "--webroot", "-w", "/opt/bunkerized-nginx/acme-challenge", "-n", "-d", domain, "--email", email, "--agree-tos"]
+		if staging :
+			data.append("--staging")
 		type = "exec"
 		super().__init__(name, data, filename=None, redis_host=redis_host, type=type, copy_cache=copy_cache)
diff --git a/jobs/Job.py b/jobs/Job.py
index 9432627..843ada8 100644
--- a/jobs/Job.py
+++ b/jobs/Job.py
@@ -1,4 +1,4 @@
-import abc, requests, redis, os, datetime, traceback, re, shutil, enum, filecmp
+import abc, requests, redis, os, datetime, traceback, re, shutil, enum, filecmp, subprocess
 
 class JobRet(enum.Enum) :
 	KO = 0
@@ -41,7 +41,7 @@ class Job(abc.ABC) :
 			elif self._type == "exec" :
 				return self.__exec()
 		except Exception as e :
-			self.__log("exception while running job : " + traceback.format_exc())
+			self._log("exception while running job : " + traceback.format_exc())
 			return JobRet.KO
 		return ret
 
@@ -101,7 +101,7 @@ class Job(abc.ABC) :
 	def __exec(self) :
 		proc = subprocess.run(self._data, capture_output=True)
 		stdout = proc.stdout.decode("ascii")
-		stderr = proc.stderr.decode("err")
+		stderr = proc.stderr.decode("ascii")
 		if len(stdout) > 1 :
 			self._log("stdout = " + stdout)
 		if len(stderr) > 1 :
diff --git a/jobs/main.py b/jobs/main.py
index 8369b5f..609e0b7 100644
--- a/jobs/main.py
+++ b/jobs/main.py
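Review bot: The new `staging` parameter of `CertbotNew.__init__` is undocumented and the method has no docstring, so nothing in the signature tells a caller that it switches certbot to the Let's Encrypt staging environment, whose certificates are not publicly trusted. I would add a short docstring describing `domain` (one or more names, comma-separated as main.py's --domain help describes), `email`, and `staging` with that caveat, plus a one-line comment on the append: `# --staging targets the test CA; the certificates it issues are not browser-trusted`. The argument list is handed to `subprocess.run` as a list in `Job.__exec`, so no shell quoting is needed for `domain` or `email` here.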
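Review bot: The corrected `proc.stderr.decode("ascii")` in `Job.__exec`, like the `stdout` line just above it, raises UnicodeDecodeError on any non-ASCII byte in the child's output, and because `__exec` is called inside the `try` shown in the `run` hunk, that turns a command which finished successfully into a logged exception and `JobRet.KO`. Decode leniently instead: `stdout = proc.stdout.decode("utf-8", errors="replace")` and `stderr = proc.stderr.decode("utf-8", errors="replace")`. The remainder of `__exec`, including how its return value is derived from the process, lies below the hunk.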
@@ -30,6 +30,7 @@ if __name__ == "__main__" :
 	parser.add_argument("--cache", action="store_true", help="copy data from cache if available")
 	parser.add_argument("--domain", default="", type=str, help="domain(s) for certbot-new job (e.g. : www.example.com or app1.example.com,app2.example.com)")
 	parser.add_argument("--email", default="", type=str, help="email for certbot-new job (e.g. : contact@example.com)")
+	parser.add_argument("--staging", action="store_true", help="use staging server for let's encrypt instead of the production one")
 	parser.add_argument("--dst_cert", default="", type=str, help="certificate path for self-signed-cert job (e.g. : /etc/nginx/default-cert.pem)")
 	parser.add_argument("--dst_key", default="", type=str, help="key path for self-signed-cert job (e.g. : /etc/nginx/default-key.pem)")
 	parser.add_argument("--expiry", default="", type=str, help="number of validity days for self-signed-cert job (e.g. : 365)")
@@ -46,7 +47,7 @@ if __name__ == "__main__" :
 	print("[*] Executing job " + job)
 	ret = 0
 	if job == "certbot-new" :
-		instance = JOBS[job](redis_host=args.redis, copy_cache=args.cache, domain=args.domain, email=args.email)
+		instance = JOBS[job](redis_host=args.redis, copy_cache=args.cache, domain=args.domain, email=args.email, staging=args.staging)
 	elif job == "self-signed-cert" :
 		instance = JOBS[job](redis_host=args.redis, copy_cache=args.cache, dst_cert=args.dst_cert, dst_key=args.dst_key, expiry=args.expiry, subj=args.subj)
 	else :
diff --git a/settings.json b/settings.json
index 770baf8..7e0b9be 100644
--- a/settings.json
+++ b/settings.json
@@ -537,6 +537,15 @@
 			"regex": "^([a-z0-9\\-\\.]+@[a-z\\-0-9\\.]+|.{0})$",
 			"type": "text"
 		},
+		{
+			"context": "multisite",
+			"default": "no",
+			"env": "USE_LETS_ENCRYPT_STAGING",
+			"id": "use-lets-encrypt-staging",
+			"label": "Use staging server instead of production one",
+			"regex": "^(yes|no)$",
+			"type": "checkbox"
+		},
 		{
 			"context": "multisite",
 			"default": "no",
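Review bot: The help text of the new `--staging` option says only that a different server is used and not what that means for the operator: certificates issued by the Let's Encrypt staging environment are not trusted by clients, so the option is for testing the issuance flow, not for serving traffic. I would change it to `help="use the let's encrypt staging server instead of production (issued certificates are not publicly trusted; for testing only)"`. The same clarification applies to the new settings.json label `Use staging server instead of production one`, which is the wording most users of the setting will actually read.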