diff --git a/install/lib/update.lib.php b/install/lib/update.lib.php
index 21dde252a755eb60631068239a788d4d7ca9a867..4611c7bf32e97a96e58e83487fe944c9d2d91bf0 100644
--- a/install/lib/update.lib.php
+++ b/install/lib/update.lib.php
@@ -59,6 +59,8 @@ function prepareDBDump() {
 
 		system("mysqldump -h ".escapeshellarg($conf['mysql']['host'])." -u ".escapeshellarg($conf['mysql']['admin_user'])." -c -t --add-drop-table --create-options --quick --result-file=existing_db.sql ".$conf['mysql']['database']);
 	}
+	chmod('existing_db.sql', 0400);
+	chown('existing_db.sql', 'root');
 
 	/*
 	 * If we have a server with nothing in it except VE's then the database of thie server is empty.
diff --git a/server/lib/classes/cron.d/900-letsencrypt.inc.php b/server/lib/classes/cron.d/900-letsencrypt.inc.php
index e507a3b353d256d951c2e7ae01a8bea9c9e3273f..d03d4a184a7c2626f7d05816c9aa628d80da14f4 100644
--- a/server/lib/classes/cron.d/900-letsencrypt.inc.php
+++ b/server/lib/classes/cron.d/900-letsencrypt.inc.php
@@ -52,7 +52,7 @@ class cronjob_letsencrypt extends cronjob {
 		
 		$server_config = $app->getconf->get_server_config($conf['server_id'], 'server');
 		if(!isset($server_config['migration_mode']) || $server_config['migration_mode'] != 'y') {
-			$letsencrypt = explode("\n", shell_exec('which letsencrypt certbot /root/.local/share/letsencrypt/bin/letsencrypt'));
+			$letsencrypt = explode("\n", shell_exec('which letsencrypt certbot /root/.local/share/letsencrypt/bin/letsencrypt /opt/eff.org/certbot/venv/bin/certbot'));
 			$letsencrypt = reset($letsencrypt);
 			if(is_executable($letsencrypt)) {
 				$version = exec($letsencrypt . ' --version  2>&1', $ret, $val);
diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php
index 7d5194cf39c4bbcdd87293688e3d6d58b6b24851..f27b57804410492938cf5483b6b9b18d8e0afea6 100644
--- a/server/lib/classes/letsencrypt.inc.php
+++ b/server/lib/classes/letsencrypt.inc.php
@@ -250,6 +250,12 @@ class letsencrypt {
 		unset($le_domains);
 		@unlink('/usr/local/ispconfig/interface/acme/.well-known/acme-challenge/' . $le_rnd_file);
 
+		$le_domain_count = count($temp_domains);
+		if($le_domain_count > 100) {
+			$temp_domains = array_splice($temp_domains, 0, 100);
+			$app->log("There were " . $le_domain_count . " domains in the domain list. LE only supports 100, so we strip the rest.", LOGLEVEL_WARN);
+		}
+
 		// generate cli format
 		foreach($temp_domains as $temp_domain) {
 			$cli_domain_arg .= (string) " --domains " . $temp_domain;
@@ -266,7 +272,7 @@ class letsencrypt {
 				$app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG);
 				$app->log("Let's Encrypt SSL Cert domains: $cli_domain_arg", LOGLEVEL_DEBUG);
 			
-				$letsencrypt = explode("\n", shell_exec('which letsencrypt certbot /root/.local/share/letsencrypt/bin/letsencrypt'));
+				$letsencrypt = explode("\n", shell_exec('which letsencrypt certbot /root/.local/share/letsencrypt/bin/letsencrypt /opt/eff.org/certbot/venv/bin/certbot'));
 				$letsencrypt = reset($letsencrypt);
 				if(is_executable($letsencrypt)) {
 					$letsencrypt_cmd = $letsencrypt . " certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain $cli_domain_arg --webroot-path /usr/local/ispconfig/interface/acme";