diff --git a/gui/apply-boulder b/gui/apply-boulder
index a261057..22986bb 100755
--- a/gui/apply-boulder
+++ b/gui/apply-boulder
@@ -182,7 +182,7 @@ sed -i -e "s|\"crlURLBase\": \".*\"|\"crlURLBase\": \"http://$PKI_FQDN/crl/$INT_
 
 if [ "$PKI_EXTENDED_TIMEOUT" == "1" ]; then
     sed -i -e "s/\"timeout\": \"15s\"/\"timeout\": \"30s\"/" config/ca.json
-    sed -i -e "s/\"timeout\": \"15s\"/\"timeout\": \"30s\"/" config/admin-revoker.json
+    sed -i -e "s/\"timeout\": \"15s\"/\"timeout\": \"30s\"/" config/admin.json
     sed -i -e "s/\"timeout\": \"15s\"/\"timeout\": \"30s\"/" config/wfe2.json
     sed -i -e "s/\"timeout\": \"20s\"/\"timeout\": \"40s\"/" config/wfe2.json
     sed -i -e "s/\"timeout\": \"15s\"/\"timeout\": \"30s\"/" config/expiration-mailer.json
diff --git a/patches/ra_ra.patch b/patches/ra_ra.patch
index 313a0e0..40323f6 100644
--- a/patches/ra_ra.patch
+++ b/patches/ra_ra.patch
@@ -1,5 +1,5 @@
 diff --git a/ra/ra.go b/ra/ra.go
-index 82244d216..a247512ed 100644
+index 82244d216..10d15a624 100644
 --- a/ra/ra.go
 +++ b/ra/ra.go
 @@ -44,7 +44,6 @@ import (
@@ -19,3 +19,13 @@ index 82244d216..a247512ed 100644
  		if err != nil {
  			return err
  		}
+@@ -1933,6 +1932,9 @@ func crlShard(cert *x509.Certificate) (int64, error) {
+ 		return 0, fmt.Errorf("malformed CRLDistributionPoint %q", url)
+ 	}
+ 	shardStr := url[lastIndex+1:]
++	if strings.HasSuffix(shardStr, "-crl.pem") {
++		return 1, nil
++	}
+ 	shardIdx, err := strconv.Atoi(shardStr)
+ 	if err != nil {
+ 		return 0, fmt.Errorf("parsing CRLDistributionPoint: %s", err)
diff --git a/patches/test_certs_generate.patch b/patches/test_certs_generate.patch
index 29d3555..7939a1c 100644
--- a/patches/test_certs_generate.patch
+++ b/patches/test_certs_generate.patch
@@ -1,5 +1,5 @@
 diff --git a/test/certs/generate.sh b/test/certs/generate.sh
-index 7386e7992..50ec741f3 100755
+index 3f0e03d2c..7a57d0b3d 100755
 --- a/test/certs/generate.sh
 +++ b/test/certs/generate.sh
 @@ -63,9 +63,9 @@ webpki() (
@@ -15,10 +15,17 @@ index 7386e7992..50ec741f3 100755
  )
  
  if ! [ -d ipki ]; then
-@@ -73,6 +73,17 @@ if ! [ -d ipki ]; then
+@@ -73,6 +73,24 @@ if ! [ -d ipki ]; then
    ipki
  fi
  
++# For updating older LabCA installations...
++if ! [ -d ipki/admin.boulder ]; then
++  cd ipki
++  minica -domains "admin.boulder" &
++  cd -
++fi
++
 +end_date=$(openssl x509 -enddate -noout -in ipki/boulder/cert.pem | cut -d= -f2)
 +end_date_seconds=$(date -d "$end_date" +%s)
 +current_date_seconds=$(date +%s)