diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 475c23c..610e194 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,18 +8,27 @@ on:
       - completed
     branches:
       - main
-    status:
-      - success
 
 jobs:
   release:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
     steps:
+      - name: Generate token
+        id: generate_token
+        uses: tibdex/github-app-token@v2
+        with:
+          app_id: ${{ secrets.RELEASE_APP_ID }}
+          private_key: ${{ secrets.RELEASE_PRIVATE_KEY }}
       - name: Checkout
         uses: actions/checkout@v4
         with:
           persist-credentials: false
-      - name: Semantic Release
+          token: ${{ steps.generate_token.outputs.token }}
+      - name: Run semantic-release
         uses: cycjimmy/semantic-release-action@v4
         with:
           extra_plugins: |
@@ -31,4 +40,4 @@ jobs:
             @semantic-release/github
             conventional-changelog-conventionalcommits
         env:
-          GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
diff --git a/acme_sh/cert.sls b/acme_sh/cert.sls
index 5807244..6ab6233 100644
--- a/acme_sh/cert.sls
+++ b/acme_sh/cert.sls
@@ -38,6 +38,9 @@ acme_sh_cert_{{ user }}_{{ domain }}:
       {%- if cert_config.get('insecure') %}
     - insecure: {{ cert_config['insecure'] }}
       {%- endif %}
+      {%- if cert_config.get('retry') %}
+    - retry: {{ cert_config['retry'] }}
+      {%- endif %}
     {%- endfor %}
   {%- endif %}
 {%- endfor %}
diff --git a/test/salt/pillar/acme_sh.sls b/test/salt/pillar/acme_sh.sls
index 6f27f70..7b3ddfc 100644
--- a/test/salt/pillar/acme_sh.sls
+++ b/test/salt/pillar/acme_sh.sls
@@ -1,7 +1,8 @@
 ---
 {%- set os = grains['os'] | lower %}
 {%- set osrelease = grains['osrelease'] | regex_replace('(\.)', '') | lower %}
-{%- set release_str = os + osrelease %}
+{%- set saltrelease = grains['saltversion'] | regex_replace('(\.)', '') %}
+{%- set release_str = os + osrelease + saltrelease %}
 _release_str: {{ release_str }}
 acme_sh:
   vagrant:
@@ -13,6 +14,8 @@ acme_sh:
         keysize: '4096'
         server: letsencrypt_test
         cert_path: /home/vagrant/crt
+        retry:
+          attempts: 3
       standalone.gn98.de:
         acme_mode: standalone
         server: https://localhost:14000/dir