diff --git a/global/overlay/etc/puppet/modules/cdn/files/mqtt/sunet-cdn-mqtt b/global/overlay/etc/puppet/modules/cdn/files/mqtt/sunet-cdn-mqtt
index 3a94601..ffdc5e2 100755
--- a/global/overlay/etc/puppet/modules/cdn/files/mqtt/sunet-cdn-mqtt
+++ b/global/overlay/etc/puppet/modules/cdn/files/mqtt/sunet-cdn-mqtt
@@ -9,15 +9,10 @@ set -eu
 le_dir="/etc/letsencrypt/live/$(hostname -f)"
 mosquitto_dir="/etc/mosquitto"
 
-le_chain="$le_dir/chain.pem"
-mosquitto_chain="$mosquitto_dir/ca_certificates/chain.pem"
-cp "$le_chain" "$mosquitto_chain"
-chown mosquitto:root "$mosquitto_chain"
-
-le_cert="$le_dir/cert.pem"
-mosquitto_cert="$mosquitto_dir/certs/cert.pem"
-cp "$le_cert" "$mosquitto_cert"
-chown mosquitto:root "$mosquitto_cert"
+le_fullchain="$le_dir/fullchain.pem"
+mosquitto_fullchain="$mosquitto_dir/certs/fullchain.pem"
+cp "$le_fullchain" "$mosquitto_fullchain"
+chown mosquitto:root "$mosquitto_fullchain"
 
 le_key="$le_dir/privkey.pem"
 mosquitto_key="$mosquitto_dir/certs/privkey.pem"
diff --git a/global/overlay/etc/puppet/modules/cdn/templates/mqtt/cdn.conf.erb b/global/overlay/etc/puppet/modules/cdn/templates/mqtt/cdn.conf.erb
index e167b74..f34a029 100644
--- a/global/overlay/etc/puppet/modules/cdn/templates/mqtt/cdn.conf.erb
+++ b/global/overlay/etc/puppet/modules/cdn/templates/mqtt/cdn.conf.erb
@@ -1,6 +1,6 @@
 listener 8883
-cafile /etc/mosquitto/ca_certificates/chain.pem
-certfile /etc/mosquitto/certs/cert.pem
+cafile /usr/local/share/ca-certificates/step_ca_root.crt
+certfile /etc/mosquitto/certs/fullchain.pem
 keyfile /etc/mosquitto/certs/privkey.pem
 require_certificate true
 use_identity_as_username true