diff --git a/systemd/script/crontab.sh b/systemd/script/crontab.sh
index ad411916..cffea1f7 100644
--- a/systemd/script/crontab.sh
+++ b/systemd/script/crontab.sh
@@ -4,6 +4,9 @@ PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
 cockpit_port="9000"
 container_name="websoft9-apphub"
 volume_name="websoft9_apphub_config"
+cockpit_service_path="/lib/systemd/system/cockpit.socket"
+cockpit_ssl_path="/etc/cockpit/ws-certs.d/"
+npm_ssl_path="/var/lib/docker/volumes/websoft9_nginx_data/_data/custom_ssl/"
 
 # get volume from container
 function get_volume_path() {
@@ -30,11 +33,10 @@ function get_volume_path() {
 }
 volume_path=$(get_volume_path "$container_name" "$volume_name")
 config_path="$volume_path/config.ini"
-cockpit_service_path="/lib/systemd/system/cockpit.socket"
 FILES="$cockpit_service_path $config_path"
 
-# sync cockpit port from config.ini
-sync_cockpit_port_fromconfig() {
+sync_cockpit_port() {
+    echo "sync cockpit port from config.ini"
     set +e
     cockpit_port=$(docker exec -i websoft9-apphub apphub getconfig --section cockpit --key port)
     listen_stream=$(grep -Po 'ListenStream=\K[0-9]*' /lib/systemd/system/cockpit.socket)
@@ -59,22 +61,23 @@ set_Firewalld(){
 
 force_sync(){
     echo "Force sync cockpit port and certs"
-    sync_cockpit_port_fromconfig
-    cp -r /etc/cockpit/ws-certs.d/* /var/lib/docker/volumes/websoft9_nginx_data/_data/custom_ssl/
+    sync_cockpit_port
+    cp -r "${cockpit_ssl_path}"* $npm_ssl_path
 }
 
 # when websoft9 restart, force sync cockpit port and certs
 force_sync
 
-# monitor /lib/systemd/system/cockpit.socket and config.ini, make sure config.ini port is the same with cockpit.socket
+# monitor cockpit.socket and config.ini, make sure port at config.ins sync to cockpit.socket
 inotifywait -e modify,attrib -m $FILES | while read PATH EVENT FILE; do
-    echo "Set cockpit port by config.ini..."
+    echo "Reset cockpit port when config.ini changed"
     export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH
-    sync_cockpit_port_fromconfig
+    sync_cockpit_port
 done
 
-# monitor /etc/cockpit/ws-certs.d and copy files to /var/lib/docker/volumes/websoft9_nginx_data/_data/custom_ssl
-inotifywait -e create,modify,delete,attrib -m /etc/cockpit/ws-certs.d | while read PATH EVENT FILE; do
-    echo "Copying files from /etc/cockpit/ws-certs.d to /var/lib/docker/volumes/websoft9_nginx_data/_data/custom_ssl..."
-    cp -r /etc/cockpit/ws-certs.d/* /var/lib/docker/volumes/websoft9_nginx_data/_data/custom_ssl/
+# monitor cockpit ssl path and sync to NPM ssl path if changed
+inotifywait -e create,modify,delete,attrib -m $cockpit_ssl_path | while read PATH EVENT FILE; do
+    echo "Sync CA files from cockipt to NPM when changed"
+    export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH
+    cp -r "${cockpit_ssl_path}"* $npm_ssl_path
 done
\ No newline at end of file