diff --git a/buildbot/buildbot_steps.sh b/buildbot/buildbot_steps.sh
index 60b13fe..d51099e 100755
--- a/buildbot/buildbot_steps.sh
+++ b/buildbot/buildbot_steps.sh
@@ -1,5 +1,6 @@
 #!/usr/bin/env bash
 
+LE_CERT=isrg-root-x1.pem,isrg-root-x2.pem
 
 function clone_ipxe_upstream() {
     local ipxe_src_dir="$1"
@@ -47,7 +48,8 @@ function sed_enabled_ipxe_features() {
     done 
 
     echo "Downloading default iPXE CA certificate"
-    wget -O ipxe_root_ca.crt https://ipxe.org/_media/certs/ca.crt
+    cd ipxe/src
+    wget https://letsencrypt.org/certs/isrg-root-x{1,2}.pem
 
     return 0
 }
@@ -82,7 +84,7 @@ function make_ipxe_lkrn() {
     curr="$(pwd)"
     cd "${ipxe_src_dir}/src/" || return 1
 
-    make bin/ipxe.lkrn EMBED="${embed_file}" CERT="../../ipxe_root_ca.crt,${signing_cert},${ca_cert}" TRUST="../../ipxe_root_ca.crt,${ca_cert}" DEBUG=x509:15 || return 2
+    make bin/ipxe.lkrn EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" DEBUG=x509 || return 2
 
     cd "$curr"
     return 0
@@ -118,7 +120,7 @@ function make_ipxe_iso() {
     curr="$(pwd)"
     cd "${ipxe_src_dir}/src/" || return 1
 
-    make bin/ipxe.iso EMBED="${embed_file}" CERT="../../ipxe_root_ca.crt,${signing_cert},${ca_cert}" TRUST="../../ipxe_root_ca.crt,${ca_cert}" DEBUG=x509:15 || return 2
+    make bin/ipxe.iso EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" DEBUG=x509 || return 2
 
     cd "$curr"
     return 0
@@ -154,7 +156,7 @@ function make_ipxe_dsk() {
     curr="$(pwd)"
     cd "${ipxe_src_dir}/src/" || return 1
 
-    make bin/ipxe.usb EMBED="${embed_file}" CERT="../../ipxe_root_ca.crt,${signing_cert},${ca_cert}" TRUST="../../ipxe_root_ca.crt,${ca_cert}" || return 2
+    make bin/ipxe.usb EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2
 
     cd "$curr"
     return 0
@@ -190,7 +192,7 @@ function make_ipxe_pxe() {
     curr="$(pwd)"
     cd "${ipxe_src_dir}/src/" || return 1
 
-    make bin/ipxe.pxe EMBED="${embed_file}" CERT="../../ipxe_root_ca.crt,${signing_cert},${ca_cert}" TRUST="../../ipxe_root_ca.crt,${ca_cert}" || return 2
+    make bin/ipxe.pxe EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2
 
     cd "$curr"
     return 0
@@ -230,7 +232,7 @@ function make_ipxe_efi() {
     curr="$(pwd)"
     cd "${ipxe_src_dir}/src/" || return 1
 
-    make bin-x86_64-efi/ipxe.efi EMBED="${embed_file}" CERT="../../ipxe_root_ca.crt,${signing_cert},${ca_cert}" TRUST="../../ipxe_root_ca.crt,${ca_cert}" || return 2
+    make bin-x86_64-efi/ipxe.efi EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2
     mv bin-x86_64-efi/ipxe.efi bin/
     sbsign --key ${efi_key} --cert ${efi_cert} --output bin/ipxe.efi bin/ipxe.efi