diff --git a/binary/script/build_and_pr.sh b/binary/script/build_and_pr.sh
index 5eedfdb..fdbdc3a 100755
--- a/binary/script/build_and_pr.sh
+++ b/binary/script/build_and_pr.sh
@@ -6,6 +6,9 @@ set -uxo pipefail
 tracked_files=(
     "./script/build_ipxe.sh"
     "./script/build_and_pr.sh"
+    "./script/ipxe-customizations/ca.pem"
+    "./script/ipxe-customizations/isrgrootx1.pem"
+    "./script/ipxe-customizations/lets-encrypt-r3.pem"
     "./script/ipxe-customizations/console.h"
     "./script/ipxe-customizations/isa.h"
     "./script/ipxe-customizations/colour.h"
diff --git a/binary/script/build_ipxe.sh b/binary/script/build_ipxe.sh
index 7e67033..dc27c49 100755
--- a/binary/script/build_ipxe.sh
+++ b/binary/script/build_ipxe.sh
@@ -4,6 +4,10 @@
 
 set -eux
 
+#XXX Workaround for https://github.com/ipxe/ipxe/issues/606
+CERT=ca.pem,isrgrootx1.pem,lets-encrypt-r3.pem
+TRUST=ca.pem,isrgrootx1.pem,lets-encrypt-r3.pem
+
 # build_ipxe will run the make target in the upstream ipxe source
 # that will build an ipxe binary.
 function build_ipxe() {
@@ -13,9 +17,9 @@ function build_ipxe() {
     local embed_path="$4"
 
     if [ -z "${env_opts}" ]; then
-        make -C "${ipxe_dir}"/src EMBED="${embed_path}" "${ipxe_bin}"
+        make -C "${ipxe_dir}"/src EMBED="${embed_path}" CERT="${CERT}" TRUST="${TRUST}" "${ipxe_bin}"
     else
-        make -C "${ipxe_dir}"/src "${env_opts}" EMBED="${embed_path}" "${ipxe_bin}"
+        make -C "${ipxe_dir}"/src "${env_opts}" EMBED="${embed_path}" CERT="${CERT}" TRUST="${TRUST}" "${ipxe_bin}"
     fi
 }
 
@@ -43,6 +47,8 @@ function copy_common_files() {
     cp -a binary/script/ipxe-customizations/common.h "${ipxe_dir}"/src/config/local/
     cp -a binary/script/ipxe-customizations/console.h "${ipxe_dir}"/src/config/local/
     cp -a binary/script/ipxe-customizations/crypto.h "${ipxe_dir}"/src/config/local/
+    #XXX Workaround for https://github.com/ipxe/ipxe/issues/606
+    cp -a binary/script/ipxe-customizations/{ca.pem,isrgrootx1.pem,lets-encrypt-r3.pem} "${ipxe_dir}"/src
 }
 
 # copy_custom_files will copy in any custom header files based on a requested ipxe binary.
diff --git a/binary/script/ipxe-customizations/ca.pem b/binary/script/ipxe-customizations/ca.pem
new file mode 100644
index 0000000..bcf0f1d
--- /dev/null
+++ b/binary/script/ipxe-customizations/ca.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDzzCCAregAwIBAgIJAOUs9VegI2JNMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNV
+BAYTAkdCMRcwFQYDVQQIDA5DYW1icmlkZ2VzaGlyZTESMBAGA1UEBwwJQ2FtYnJp
+ZGdlMRgwFgYDVQQKDA9GZW4gU3lzdGVtcyBMdGQxETAPBgNVBAsMCGlweGUub3Jn
+MRUwEwYDVQQDDAxpUFhFIHJvb3QgQ0EwHhcNMTIwMzE4MjE0NDAyWhcNMzIwMzE4
+MjE0NDAyWjB+MQswCQYDVQQGEwJHQjEXMBUGA1UECAwOQ2FtYnJpZGdlc2hpcmUx
+EjAQBgNVBAcMCUNhbWJyaWRnZTEYMBYGA1UECgwPRmVuIFN5c3RlbXMgTHRkMREw
+DwYDVQQLDAhpcHhlLm9yZzEVMBMGA1UEAwwMaVBYRSByb290IENBMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfgIKqmWkKZE7wE5R7mP5LTZtrWsfU2q
+SASga8TutHHqfvncAK36+ZFHLY8/UJtjbkP3q0tPmIRmJfeM2QLM3WxdM5+AWm50
+3TQOrYdWPI/z2sTBWe5hT/+G19Vpo56KGsDB2Vrs4BOaF7maxhY+IrjMzZVfsEEj
+bd8EfsyJ2NYeXZT6UTOsz6rZ5xzfGkv8O3AU/zFGZjIk8wMsUuDnsTxayv5KfYcZ
+0E0r9snhrDh51uljxZCeCN1q+82R7/GnBR74EKT8CKPErXsBmnO7cYWRvaXIaQME
+hou6Ouli30YjNZPvbhMxRck4+lSF9KN209L/1nfvlw3MCAGfc662jQIDAQABo1Aw
+TjAdBgNVHQ4EFgQUq0EwXAuzDHEHMTwzdkSYHFHUKnIwHwYDVR0jBBgwFoAUq0Ew
+XAuzDHEHMTwzdkSYHFHUKnIwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOC
+AQEAhSUqCQUYWJZm/Z/NTSnxGl/WqYJK3EDBXnjzeRMaGqMm93cXK8lkMMloh3Ae
+MbkicQquDRPhyvjbN0DFtqI6lDY3miASN5E/yRU5TBLASl3NxwnzgxXIcg329KW8
+MoBdZuxn9yTfUfbelz7JKkjJmXP+N3UoDj0cAWZobsR4DvX5pBNgBT896sDZ7CFI
+qPYZruUDMcB6o2OcoXShb9brsfITaxSwWMr44gq6dC2AdPG05g1GcIZfVAcLd3oB
+8JBNr9gcIDqfnSP7Bk9KluBAyI3vYP/Bde3+8qmG5Fvc1klT9bT/vTTTTGBg9TBa
+qt6NlOwi8JtdnW4eSsCEuHgvlA==
+-----END CERTIFICATE-----
diff --git a/binary/script/ipxe-customizations/isrgrootx1.pem b/binary/script/ipxe-customizations/isrgrootx1.pem
new file mode 100644
index 0000000..b85c803
--- /dev/null
+++ b/binary/script/ipxe-customizations/isrgrootx1.pem
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
+WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
+ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
+MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
+h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
+0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
+A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
+T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
+B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
+B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
+KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
+OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
+jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
+qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
+rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
+hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
+ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
+3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
+NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
+ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
+TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
+jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
+oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
+4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
+mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
+emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
+-----END CERTIFICATE-----
diff --git a/binary/script/ipxe-customizations/lets-encrypt-r3.pem b/binary/script/ipxe-customizations/lets-encrypt-r3.pem
new file mode 100644
index 0000000..43b222a
--- /dev/null
+++ b/binary/script/ipxe-customizations/lets-encrypt-r3.pem
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
+WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
+R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
+sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
+NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
+Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
+/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
+AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
+FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
+AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
+Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
+gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
+PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
+ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
+CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
+lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
+avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
+yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
+yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
+hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
+HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
+MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
+nLRbwHOoq7hHwg==
+-----END CERTIFICATE-----