diff --git a/fogcutter/k8s/haproxy.cfg b/fogcutter/k8s/haproxy.cfg
index aaeffb3..c35b6ed 100644
--- a/fogcutter/k8s/haproxy.cfg
+++ b/fogcutter/k8s/haproxy.cfg
@@ -2,7 +2,7 @@
 ## Do https://unix.stackexchange.com/a/538901 to fix network-online.target on debian w/ /etc/intefaces
 ## certbot setup:
 ##   - https://certbot.eff.org/lets-encrypt/debianbuster-haproxy
-##   - Add "0 0 1 * * systemctl stop haproxy && certbot renew && systemctl start haproxy && cat /etc/letsencrypt/live/seaturtle.pw/{cert,privkey}.pem > /etc/letsencrypt/live/seaturtle.pw/haproxy_cert.pem" to root crontab
+##   - Add "0 0 1 * * systemctl stop haproxy && certbot renew && systemctl start haproxy && cat /etc/letsencrypt/live/seaturtle.pw/{fullchain,privkey}.pem > /etc/letsencrypt/live/seaturtle.pw/haproxy_cert.pem" to root crontab
 ##     - (Default systemd timer does not have option to stop haproxy before running)
 ## Ensure microk8s only exposes nodeport on 127.0.0.1:
 ##   - Edit /var/snap/microk8s/current/args/kube-proxy, adding "--nodeport-addresses=127.0.0.1/8"