Certificates only get (re)generated if they don't exist

At present, certificates don't get updated on site verify tasks when the files are present. This doesn't handle the case where the files exist, but the certificate is expired. We should always attempt to generate new certificates. The upstream Dehydrated script will bail if we're not close to the expiry date, and just keep the existing files, which is what we want.