diff --git a/npm_install.py b/npm_install.py
index e26fadf..9b2555c 100644
--- a/npm_install.py
+++ b/npm_install.py
@@ -237,28 +237,38 @@ def setup_certbot_venv(venv_dir: Path = Path("/opt/certbot")):
     PYENV_ROOT.mkdir(parents=True, exist_ok=True)
     run(["chown", "-R", f"{PYENV_OWNER}:{PYENV_OWNER}", "/opt/npm"], check=False)
 
+
     pyenv_bin = next((c for c in PYENV_BIN_CANDIDATES if shutil.which(c)), None)
     if not pyenv_bin:
         raise RuntimeError("Nie znaleziono 'pyenv' (spróbuj /usr/bin/pyenv lub /usr/lib/pyenv/bin/pyenv).")
 
     env_pyenv = os.environ.copy()
-    env_pyenv["PYENV_ROOT"] = str(PYENV_ROOT)
-
+    env_pyenv.update({
+        "HOME": "/opt/npm",
+        "PYENV_ROOT": str(PYENV_ROOT),
+        "PATH": "/usr/lib/pyenv/bin:/usr/bin:/bin" 
+    })
     with step(f"Installing Python {PYTHON_VERSION} via pyenv into {PYENV_ROOT}"):
         run([
-            "sudo", "-u", PYENV_OWNER, "-H",
-            "env", f"PYENV_ROOT={PYENV_ROOT}", pyenv_bin,
-            "install", "-s", PYTHON_VERSION
-        ], env=env_pyenv)
+            "sudo", "-u", PYENV_OWNER, "-s", "env",
+            f"HOME={env_pyenv['HOME']}",
+            f"PYENV_ROOT={env_pyenv['PYENV_ROOT']}",
+            f"PATH={env_pyenv['PATH']}",
+            pyenv_bin, "install", "-s", PYTHON_VERSION
+        ], env=env_pyenv, cwd="/opt/npm")
 
     profile_snippet = f"""# Auto-generated by setup_certbot_venv
-# Ustawienia pyenv dla uzytkownika 'npm'
+# Ustawienia pyenv dla uzytkownika '{PYENV_OWNER}'
 if [ -d "{PYENV_ROOT}" ]; then
   export PYENV_ROOT="{PYENV_ROOT}"
-  export PATH="$PYENV_ROOT/bin:$PATH"
-  # Inicjalizacja tylko dla interaktywnych powlok uzytkownika 'npm'
+  # Dopnij lokalne binarki pyenv (git-install) idempotentnie
+  case ":$PATH:" in *":$PYENV_ROOT/bin:"*) ;; *) PATH="$PYENV_ROOT/bin:$PATH";; esac
+  # Dopnij systemowe binarki pyenv z pakietu Debiana idempotentnie
+  case ":$PATH:" in *":/usr/lib/pyenv/bin:"*) ;; *) PATH="/usr/lib/pyenv/bin:$PATH";; esac
+  export PATH
+  # Inicjalizacja tylko dla interaktywnych powlok uzytkownika '{PYENV_OWNER}'
   case "$-" in *i*) _interactive=1 ;; *) _interactive=0 ;; esac
-  if [ "${{_interactive}}" = 1 ] && [ "${{USER:-}}" = "{PYENV_OWNER}" -o "${{SUDO_USER:-}}" = "{PYENV_OWNER}" ]; then
+  if [ "$_interactive" = 1 ] && {{ [ "${{USER:-}}" = "{PYENV_OWNER}" ] || [ "${{SUDO_USER:-}}" = "{PYENV_OWNER}" ]; }}; then
     if command -v pyenv >/dev/null 2>&1; then
       eval "$(pyenv init -)"
     elif [ -x "{PYENV_ROOT}/bin/pyenv" ]; then
@@ -306,6 +316,7 @@ fi
 
     run(["chown", "-R", f"{PYENV_OWNER}:{PYENV_OWNER}", str(PYENV_ROOT)], check=False)
 
+
 def configure_letsencrypt():
     with step("configure letsencrypt"):
         run(["chown", "-R", "npm:npm", "/opt/certbot"], check=False)