diff --git a/scripts/render-shared-ols-config.sh b/scripts/render-shared-ols-config.sh
index 8cbc6bc..873d121 100644
--- a/scripts/render-shared-ols-config.sh
+++ b/scripts/render-shared-ols-config.sh
@@ -43,8 +43,14 @@ mkdir -p "$SITES_ROOT" "$LSCACHE_ROOT"
 ## into $TMP and atomically `mv` into place at the end, so any concurrent OLS
 ## restart always sees a COMPLETE config (the old one until the instant of mv).
 exec 9>"$LSWS_CONF/.render.lock"
-flock 9 || { echo "render-shared-ols: could not acquire render lock" >&2; exit 1; }
+## Bounded wait (-w): if a previous render is hung, fail after 30s rather than
+## blocking the panel's `docker exec` call (and thus the site-save request)
+## indefinitely. The caller re-tries on the next change.
+flock -w 30 9 || { echo "render-shared-ols: could not acquire render lock within 30s" >&2; exit 1; }
 trap 'rm -f "$TMP"' EXIT
+## Sweep any stale temp configs left by a prior SIGKILL (trap EXIT doesn't run on
+## SIGKILL); each render uses a unique $$ suffix so this never races a live render.
+rm -f "$LSWS_CONF"/.httpd_config.conf.tmp.* 2>/dev/null || true
 ## From here on, build into $TMP (not $OUT).
 
 ## --- 1. start from a pristine stock config (idempotent) ---