diff --git a/letsencrypt/renewer.py b/letsencrypt/renewer.py
index 47fbefcf8..e55bb9fcb 100644
--- a/letsencrypt/renewer.py
+++ b/letsencrypt/renewer.py
@@ -169,11 +169,6 @@ def main(config=None, args=sys.argv[1:]):
             # user about the existence of an invalid or corrupt renewal
             # config rather than simply ignoring it.
             continue
-        if cert.should_autodeploy():
-            cert.update_all_links_to(cert.latest_common_version())
-            # TODO: restart web server (invoke IInstaller.restart() method)
-            notify.notify("Autodeployed a cert!!!", "root", "It worked!")
-            # TODO: explain what happened
         if cert.should_autorenew():
             # Note: not cert.current_version() because the basis for
             # the renewal is the latest version, even if it hasn't been
@@ -182,3 +177,8 @@ def main(config=None, args=sys.argv[1:]):
             renew(cert, old_version)
             notify.notify("Autorenewed a cert!!!", "root", "It worked!")
             # TODO: explain what happened
+        if cert.should_autodeploy():
+            cert.update_all_links_to(cert.latest_common_version())
+            # TODO: restart web server (invoke IInstaller.restart() method)
+            notify.notify("Autodeployed a cert!!!", "root", "It worked!")
+            # TODO: explain what happened
diff --git a/tests/boulder-integration.sh b/tests/boulder-integration.sh
index 75fa76f6e..9695aa288 100755
--- a/tests/boulder-integration.sh
+++ b/tests/boulder-integration.sh
@@ -51,5 +51,5 @@ for x in cert chain fullchain privkey;
 do
     latest="$(ls -1t $dir/ | grep -e "^${x}" | head -n1)"
     live="$(readlink -f "$root/conf/live/le.wtf/${x}.pem")"
-    #[ "${dir}/${latest}" = "$live" ]  # renewer fails this test
+    [ "${dir}/${latest}" = "$live" ]
 done