diff --git a/renew-le.sh b/renew-le.sh
index 9783877..226496a 100755
--- a/renew-le.sh
+++ b/renew-le.sh
@@ -40,7 +40,8 @@ letsencrypt certonly --standalone --csr "$WORKDIR/httpd-csr.der" --email "$EMAIL
 # replace the cert
 cp /var/lib/ipa/certs/httpd.crt /var/lib/ipa/certs/httpd.crt.bkp
-mv -f "$WORKDIR/0000_cert.pem" /var/lib/ipa/certs/httpd.crt
+cat "$WORKDIR/0000_cert.pem" "$WORKDIR/0001_chain.pem" > "$WORKDIR/full_chain.pem"
+mv -f "$WORKDIR/full_chain.pem" /var/lib/ipa/certs/httpd.crt
 restorecon -v /var/lib/ipa/certs/httpd.crt
 # start httpd with the new cert
diff --git a/setup-le.sh b/setup-le.sh
index ea2a694..a07c22f 100755
--- a/setup-le.sh
+++ b/setup-le.sh
@@ -4,6 +4,7 @@ set -o nounset -o errexit
 FQDN=$(hostname -f)
 WORKDIR=$(dirname "$(realpath $0)")
 CERTS=("isrgrootx1.pem" "isrg-root-x2.pem" "lets-encrypt-r3.pem" "lets-encrypt-e1.pem" "lets-encrypt-r4.pem" "lets-encrypt-e2.pem")
+CERTS2=("e5.pem" "e6.pem" "r10.pem" "r11.pem")
 sed -i "s/server.example.test/$FQDN/g" $WORKDIR/ipa-httpd.cnf
@@ -26,6 +27,18 @@ do
 ipa-cacert-manage install "/etc/ssl/$FQDN/$CERT"
 done
+for CERT2 in "${CERTS2[@]}"
+do
+ if command -v wget &> /dev/null
+ then
+ wget -O "/etc/ssl/$FQDN/$CERT2" "https://letsencrypt.org/certs/2024/$CERT2"
+ elif command -v curl &> /dev/null
+ then
+ curl -o "/etc/ssl/$FQDN/$CERT2" "https://letsencrypt.org/certs/2024/$CERT2"
+ fi
+ ipa-cacert-manage install "/etc/ssl/$FQDN/$CERT2"
+done
+
 ipa-certupdate
-"$WORKDIR/renew-le.sh" --first-time
+"$WORKDIR/renew-le.sh" --first-time
\ No newline at end of file
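Review bot: The `cat … > "$WORKDIR/full_chain.pem"` line in renew-le.sh builds the file that replaces the live httpd certificate without checking its inputs, and the redirect creates `full_chain.pem` even when `cat` fails on a missing `0001_chain.pem`. Whether the script stops at that point depends on an errexit setting that is outside this hunk, so guard it explicitly, for example with `[ -s "$WORKDIR/0000_cert.pem" ] && [ -s "$WORKDIR/0001_chain.pem" ] || exit 1` ahead of the `cat`. It is also worth confirming what `0001_chain.pem` holds: if these files come from certbot's `--csr` mode with default output paths, that file is usually the full chain already, and the leaf certificate would then appear twice in `httpd.crt`.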
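Review bot: The files fetched in the new `for CERT2` loop in setup-le.sh go straight into `ipa-cacert-manage install`, so whatever the download returned is offered to the IPA trust store as a CA, with only the TLS connection to letsencrypt.org vouching for it. Pin the expected SHA-256 fingerprint of each entry of `CERTS2` in the script and compare it with the downloaded file before installing. The `curl -o` branch also needs `--fail`, since without it an HTTP error body is written to the `.pem` path with exit status 0 and errexit never fires. When neither tool is found, the loop should stop with a message instead of falling through to the install. The loop opens and closes inside the hunk; the existing `CERTS` loop above it is only partly visible here and looks to have the same shape.

```shell
# Pinned out of band from the CA's published values (placeholders here).
declare -A CERTS2_SHA256=(
	["e5.pem"]="<SHA256_FINGERPRINT_PLACEHOLDER_E5>"
	["e6.pem"]="<SHA256_FINGERPRINT_PLACEHOLDER_E6>"
	["r10.pem"]="<SHA256_FINGERPRINT_PLACEHOLDER_R10>"
	["r11.pem"]="<SHA256_FINGERPRINT_PLACEHOLDER_R11>"
)

for CERT2 in "${CERTS2[@]}"
do
	# … unchanged: wget branch …
	elif command -v curl &> /dev/null
	then
		curl --fail -o "/etc/ssl/$FQDN/$CERT2" "https://letsencrypt.org/certs/2024/$CERT2"
	else
		echo "neither wget nor curl is available" >&2
		exit 1
	fi
	# Refuse to trust a file whose fingerprint does not match the pinned value.
	ACTUAL=$(openssl x509 -noout -fingerprint -sha256 -in "/etc/ssl/$FQDN/$CERT2" | cut -d= -f2)
	if [ "$ACTUAL" != "${CERTS2_SHA256[$CERT2]}" ]
	then
		echo "fingerprint mismatch for $CERT2" >&2
		exit 1
	fi
	ipa-cacert-manage install "/etc/ssl/$FQDN/$CERT2"
done
```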