diff --git a/Cargo.toml b/Cargo.toml index 4861700..ec1f674 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -2,7 +2,7 @@ name = "schematics" version = "0.1.0" authors = ["Adrian Heine "] -edition = "2021" +edition = "2018" build = "src/build.rs" [dependencies] diff --git a/src/build.rs b/src/build.rs index accc8de..180cce0 100644 --- a/src/build.rs +++ b/src/build.rs @@ -46,7 +46,7 @@ pub fn create_static_output_files(source_dir: &str) { Err(err) => { if err.kind() == NotFound { } else { - Err(err).unwrap(); + Err(err).unwrap() } } } diff --git a/src/builder.rs b/src/builder.rs index 8cfa7e7..3c80f3a 100644 --- a/src/builder.rs +++ b/src/builder.rs @@ -6,7 +6,7 @@ use crate::resources::{ Resource, ServeCustom, ServePhp, ServeRedir, ServeService, ServeStatic, StoredDirectory, SystemdSocketService, User, UserForDomain, WordpressPlugin, WordpressTranslation, }; -use crate::static_files::LETS_ENCRYPT_R3; +use crate::static_files::LETS_ENCRYPT_R3_CROSS_SIGNED; use crate::storage::SimpleStorage; use crate::storage::Storage; use crate::symbols::acme::Cert as CertSymbol; @@ -33,7 +33,7 @@ use crate::symbols::wordpress::{ Plugin as WordpressPluginSymbol, Translation as WordpressTranslationSymbol, }; use crate::templates::nginx; -use crate::templates::php::{fpm_pool_config as php_fpm_pool_config, FpmPoolConfig as PhpFpmPoolConfig}; +use crate::templates::php::fpm_pool_config as php_fpm_pool_config; use crate::templates::systemd::{ nodejs_service as systemd_nodejs_service, socket_service as systemd_socket_service, }; 
@@ -250,16 +250,16 @@ impl + Clone + Display> ImplementationBuilder> for } } -impl, C: Clone + Into> ImplementationBuilder> for DefaultBuilder { +impl> ImplementationBuilder> for DefaultBuilder { type Prerequisites = ( PhpFpmPool, CertChain, Key, AcmeChallengesNginxSnippet, ); - fn prerequisites(resource: &ServePhp) -> Self::Prerequisites { + fn prerequisites(resource: &ServePhp) -> Self::Prerequisites { ( - PhpFpmPool(resource.0.clone(), resource.4.clone().into()), + PhpFpmPool(resource.0.clone(), 10), CertChain(resource.0.clone()), Key(resource.0.clone()), AcmeChallengesNginxSnippet, @@ -271,8 +271,8 @@ impl, C: Clone + Into> Impl ReloadServiceSymbol, ); fn create( - resource: &ServePhp, - target: & as Resource>::Artifact, + resource: &ServePhp, + target: & as Resource>::Artifact, (pool, cert, key, challenges_snippet_path): ::Artifact, ) -> Self::Implementation { ( @@ -428,7 +428,7 @@ impl ImplementationBuilder> for DefaultBuilder { ( FileSymbol::new( conf_path.clone().into(), - php_fpm_pool_config(&user_name.0, &socket_path, &resource.1), + php_fpm_pool_config(&user_name.0, &socket_path, resource.1), ), ReloadServiceSymbol::new(StdCommandRunner, service_name.0.clone()), ) @@ -676,7 +676,7 @@ impl ImplementationBuilder for DefaultBuilder { target: &::Artifact, (): ::Artifact, ) -> Self::Implementation { - FileSymbol::new(target.clone().into(), LETS_ENCRYPT_R3) + FileSymbol::new(target.clone().into(), LETS_ENCRYPT_R3_CROSS_SIGNED) } } diff --git a/src/command_runner.rs b/src/command_runner.rs index 5f37ca1..b672a4c 100644 --- a/src/command_runner.rs +++ b/src/command_runner.rs 
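Review bot: `prerequisites` now passes a literal `10` to `PhpFpmPool` and never reads `resource.4`, although the resources/mod.rs hunk in this commit gives `ServePhp` a fifth `pub usize` field and the removed line forwarded that field. If the field is meant to be the pool's `pm.max_children` (inferred; the tuple struct has no field docs), the line should read `PhpFpmPool(resource.0.clone(), resource.4),` so the caller's value is not silently ignored. Otherwise the constant deserves a name and a comment saying why 10. The impl block continues past this hunk.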
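Review bot: The certificate written by `FileSymbol::new(target.clone().into(), LETS_ENCRYPT_R3_CROSS_SIGNED)` has a far shorter lifetime than the one it replaces. Decoding the validity fields of the added static_files/lets_encrypt_r3_cross_signed.pem gives issuer DST Root CA X3 and a notAfter of 2021-09-29, while the deleted lets_encrypt_r3.pem was issued by ISRG Root X1 and runs to 2025-09-15. After that date a chain assembled from this file would presumably be rejected by clients that validate the intermediate, so either keep the ISRG-signed file available or record the expiry where the constant is used, e.g. `// R3 cross-signed by DST Root CA X3, notAfter 2021-09-29; replace before then`. The same applies to the locator.rs hunk that renames the target to `lets_encrypt_r3_cross_signed.pem`.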
@@ -181,7 +181,7 @@ where { async fn run(&self, program: &str, args: &[&OsStr], input: &str) -> IoResult { let raw_new_args = [self.user_name, "-s", "/usr/bin/env", "--", program]; - let mut new_args: Vec<&OsStr> = raw_new_args.iter().map(AsRef::as_ref).collect(); + let mut new_args: Vec<&OsStr> = raw_new_args.iter().map(|s| s.as_ref()).collect(); new_args.extend_from_slice(args); self.command_runner.run("su", &new_args, input).await } diff --git a/src/locator.rs b/src/locator.rs index 6633d4e..31e8aea 100644 --- a/src/locator.rs +++ b/src/locator.rs @@ -243,7 +243,7 @@ impl ResourceLocator for DefaultLocator

{ let acme_user = P::acme_user(); let home = P::user_home(acme_user); ( - PathArtifact::from(home.join("lets_encrypt_r3.pem")), + PathArtifact::from(home.join("lets_encrypt_r3_cross_signed.pem")), Dir(home), ) } @@ -298,11 +298,11 @@ impl, POLICY> ResourceLocator> for DefaultLocator< } } -impl, P, C, POLICY> ResourceLocator> for DefaultLocator { +impl, P, POLICY> ResourceLocator> for DefaultLocator { type Prerequisites = (); fn locate( - resource: &ServePhp, - ) -> ( as Resource>::Artifact, Self::Prerequisites) { + resource: &ServePhp, + ) -> ( as Resource>::Artifact, Self::Prerequisites) { ( PathArtifact::from(Path::new("/etc/nginx/sites-enabled/").join(&resource.0)), (), diff --git a/src/resources/mod.rs b/src/resources/mod.rs index d8837f5..75f6d3e 100644 --- a/src/resources/mod.rs +++ b/src/resources/mod.rs @@ -2,7 +2,6 @@ use crate::artifacts::{ DatabaseName as DatabaseNameArtifact, Path as PathArtifact, ServiceName as ServiceNameArtifact, UserName as UserNameArtifact, }; -use crate::templates::php::FpmPoolConfig; use std::hash::Hash; use std::path::PathBuf; @@ -147,14 +146,8 @@ impl Resource for ServeCustom { } #[derive(Debug, Hash, PartialEq, Eq)] -pub struct ServePhp( - pub D, - pub P, - pub &'static str, - pub String, - pub C, -); -impl Resource for ServePhp { +pub struct ServePhp(pub D, pub P, pub &'static str, pub String, pub usize); +impl Resource for ServePhp { type Artifact = PathArtifact; } @@ -184,7 +177,7 @@ impl Resource for DefaultServer { } #[derive(Debug, Hash, PartialEq, Eq)] -pub struct PhpFpmPool(pub D, pub FpmPoolConfig); +pub struct PhpFpmPool(pub D, pub usize); impl Resource for PhpFpmPool { type Artifact = ( PathArtifact, @@ -282,7 +275,6 @@ macro_rules! default_resources { } } -// Only one enum entry per resource type, otherwise the equality checks fail default_resources!( AcmeAccountKey: AcmeAccountKey, AcmeChallengesDir: AcmeChallengesDir, 
@@ -309,7 +301,7 @@ default_resources!( PhpFpmPool: PhpFpmPool, ServeCustom: ServeCustom, ServeService: ServeService, - ServePhp: ServePhp, + ServePhp: ServePhp, ServeRedir: ServeRedir, ServeStatic: ServeStatic, StoredDirectory: StoredDirectory, @@ -318,8 +310,3 @@ default_resources!( WordpressPlugin: WordpressPlugin, WordpressTranslation: WordpressTranslation, ); - -pub fn serve_php, C: Into>(domain: D, path: P, root_filename: &'static str, nginx_config: impl Into, pool_config: C) -> ServePhp { - ServePhp( - domain, path.into(), root_filename, nginx_config.into(), pool_config.into()) -} diff --git a/src/symbols/mariadb/dump.rs b/src/symbols/mariadb/dump.rs index 11accac..1b503fa 100644 --- a/src/symbols/mariadb/dump.rs +++ b/src/symbols/mariadb/dump.rs @@ -36,7 +36,7 @@ impl, C: CommandRunner, S: Storage> Symbol for Dump<'_, N, C, S> { let dump_date = self.storage.recent_date()?; let output = self.run_sql(&format!("select UNIX_TIMESTAMP(MAX(UPDATE_TIME)) from information_schema.tables WHERE table_schema = '{}'", self.db_name.as_ref())).await?; let modified_date = output.trim_end(); - Ok(modified_date == "NULL" || u64::from_str(modified_date)? <= dump_date) + Ok(modified_date != "NULL" && u64::from_str(modified_date)? <= dump_date) } async fn execute(&self) -> Result<(), Box> { diff --git a/src/templates/php.rs b/src/templates/php.rs index d131fe2..87fc6bf 100644 --- a/src/templates/php.rs +++ b/src/templates/php.rs 
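Review bot: The rewritten return expression in src/symbols/mariadb/dump.rs flips the `NULL` case without a comment: when `MAX(UPDATE_TIME)` comes back as `NULL` the function now yields `false` where it used to yield `true`, so (if this is the symbol's up-to-date check, which the hunk does not show) a database that reports no update time would be dumped on every run. A one-line comment such as `// NULL: no table reports UPDATE_TIME, so treat the dump as stale` would record that this is intended. Separately, the query on the context line above interpolates `self.db_name` into a single-quoted SQL literal via `format!`; checking that the name contains only identifier characters before formatting would keep a stray quote from changing the statement. The function starts above the hunk.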
@@ -1,40 +1,9 @@ -use std::fmt::{Display, Error, Formatter}; use std::path::Path; -#[derive(Clone, Debug, PartialEq, Hash, Eq)] -pub struct FpmPoolConfig { - max_children: usize, - custom: Option, -} - -impl Display for FpmPoolConfig { - fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error> { - match &self.custom { - None => write!(f, "pm.max_children = {}", self.max_children), - Some(custom) => write!(f, "pm.max_children = {}\n{}", self.max_children, custom), - } - } -} - -impl From for FpmPoolConfig { - fn from(max_children: usize) -> Self { - Self { - max_children, - custom: None, - } - } -} - -impl FpmPoolConfig { - pub fn new(max_children: usize, custom: impl Into) -> Self { - Self { max_children, custom: Some(custom.into()) } - } -} - pub fn fpm_pool_config, S: AsRef>( user_name: U, socket_path: S, - config: &FpmPoolConfig, + max_children: usize, ) -> String { format!( "[{0}] @@ -44,12 +13,12 @@ group = www-data listen = {1} listen.owner = www-data pm = ondemand +pm.max_children = {2} catch_workers_output = yes env[PATH] = /usr/local/bin:/usr/bin:/bin -{2} ", user_name.as_ref(), socket_path.as_ref().to_str().unwrap(), - config + max_children, ) } diff --git a/static_files/lets_encrypt_r3.pem b/static_files/lets_encrypt_r3.pem deleted file mode 100644 index 43b222a..0000000 --- a/static_files/lets_encrypt_r3.pem +++ /dev/null 
@@ -1,30 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
-TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
-cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
-WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
-RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
-R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
-sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
-NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
-Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
-/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
-AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
-Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
-FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
-AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
-Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
-gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
-PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
-ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
-CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
-lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
-avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
-yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
-yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
-hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
-HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
-MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
-nLRbwHOoq7hHwg==
------END CERTIFICATE-----
diff --git a/static_files/lets_encrypt_r3_cross_signed.pem b/static_files/lets_encrypt_r3_cross_signed.pem
new file mode 100644
index 0000000..1d82449
--- /dev/null
+++ b/static_files/lets_encrypt_r3_cross_signed.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFow
+MjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMT
+AlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLs
+jVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKp
+Tm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnB
+U840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7
+gcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel
+/xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1R
+oYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
+BAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5p
+ZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTE
+p7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEE
+AYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2Vu
+Y3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0
+LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYf
+r52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
+AQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kH
+ejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8
+S8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfL
+qjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9p
+O5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2Tw
+UdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg==
+-----END CERTIFICATE-----