diff --git a/test/certs/generate.sh b/test/certs/generate.sh
index 6038ace4e..728f49df6 100755
--- a/test/certs/generate.sh
+++ b/test/certs/generate.sh
@@ -62,16 +62,50 @@ webpki() (
   # This function executes in a subshell, so this cd does not affect the parent
   # script.
   cd ../..
-  make build
-  mkdir ./test/certs/webpki
-  go run ./test/certs/webpki.go
+  # make build
+  mkdir ./labca/certs/webpki
+  # go run ./labca/certs/webpki.go
 )
 
+umask 0022
+
 if ! [ -d ipki ]; then
   echo "Generating ipki/..."
   ipki
 fi
 
+# For updating older LabCA installations...
+if ! [ -d ipki/admin.boulder ]; then
+  cd ipki
+  minica -domains "admin.boulder" &
+  cd -
+fi
+if ! [ -d ipki/email-exporter.boulder ]; then
+  cd ipki
+  minica -domains "email-exporter.boulder" &
+  cd -
+fi
+cnt=$(openssl x509 -text -noout -in ipki/redis/cert.pem | grep 10.33.33. | wc -l)
+if [ $cnt -ge "1" ]; then
+  cd ipki
+  mv redis redis.bak
+  minica -domains redis -ip-addresses 10.77.77.2,10.77.77.3,10.77.77.4,10.77.77.5
+  chmod go+rx redis
+  chmod go+r redis/*
+  cd -
+fi
+
+end_date=$(openssl x509 -enddate -noout -in ipki/boulder/cert.pem | cut -d= -f2)
+end_date_seconds=$(date -d "$end_date" +%s)
+current_date_seconds=$(date +%s)
+remaining_days=$(( (end_date_seconds - current_date_seconds) / 86400 ))
+if [ $remaining_days -lt 60 ]; then
+  echo "Regenerating ipki/..."
+  [ -d ipki.prev ] && rm -rf ipki.prev
+  mv ipki ipki.prev
+  ipki
+fi
+
 if ! [ -d webpki ]; then
   echo "Generating webpki/..."
   webpki