diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 3160f44..fdf4d58 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -3,7 +3,7 @@ name: Deploy Website
 on:
   push:
     branches:
-      - main  # change if your main branch is different
+      - main   # change if your main branch is different
 
 jobs:
   deploy:
@@ -12,41 +12,48 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v3
 
-      # Debug step (optional)
-      - name: Debug environment
+      # ---- Debug info ----
+      - name: Debug secrets and env
         run: |
           echo "Host: ${DEPLOY_HOST}"
           echo "User: ${DEPLOY_USER}"
           echo "Port: ${DEPLOY_PORT:-22}"
           if [ -n "${DEPLOY_KEY}" ]; then
-            echo "✅ DEPLOY_KEY is set"
+            echo "✅ DEPLOY_KEY appears set (length: ${#DEPLOY_KEY})"
           else
-            echo "❌ DEPLOY_KEY is missing!"
+            echo "❌ DEPLOY_KEY is empty!"
+            exit 1
           fi
         env:
+          DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
           DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
           DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
-          DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
           DEPLOY_PORT: ${{ secrets.DEPLOY_PORT }}
 
-      # Set up SSH key safely
+      # ---- SSH setup ----
       - name: Set up SSH key
         run: |
           set -e
           mkdir -p ~/.ssh
+          chmod 700 ~/.ssh
           printf "%s" "${DEPLOY_KEY}" > ~/.ssh/id_rsa
           chmod 600 ~/.ssh/id_rsa
-          ssh-keyscan -p "${DEPLOY_PORT:-22}" -H "${DEPLOY_HOST}" >> ~/.ssh/known_hosts
+
+          echo "🔑 Testing ssh-keyscan on ${DEPLOY_HOST}:${DEPLOY_PORT:-22}"
+          if ! ssh-keyscan -p "${DEPLOY_PORT:-22}" -H "${DEPLOY_HOST}" >> ~/.ssh/known_hosts 2>/dev/null; then
+            echo "⚠️ ssh-keyscan failed (host unreachable?)"
+          fi
         env:
           DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
           DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
           DEPLOY_PORT: ${{ secrets.DEPLOY_PORT }}
 
-      # Deploy site files with rsync over custom port
+      # ---- Deploy via rsync ----
       - name: Deploy website via rsync
         run: |
-          echo "🚀 Deploying files to ${DEPLOY_USER}@${DEPLOY_HOST}:${DEPLOY_PATH} (port ${DEPLOY_PORT:-22})"
-          rsync -avz -e "ssh -p ${DEPLOY_PORT:-22}" --delete ./ ${DEPLOY_USER}@${DEPLOY_HOST}:${DEPLOY_PATH}
+          echo "🚀 Deploying to ${DEPLOY_USER}@${DEPLOY_HOST}:${DEPLOY_PATH} (port ${DEPLOY_PORT:-22})"
+          rsync -avz -e "ssh -p ${DEPLOY_PORT:-22}" --delete ./ \
+            ${DEPLOY_USER}@${DEPLOY_HOST}:${DEPLOY_PATH}
         env:
           DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
           DEPLOY_USER: ${{ secrets.DEPLOY_USER }}