diff --git a/.github/workflows/build_containers.yml b/.github/workflows/build_containers.yml
index 10ac0c9..63620c8 100644
--- a/.github/workflows/build_containers.yml
+++ b/.github/workflows/build_containers.yml
@@ -25,9 +25,9 @@ jobs:
             type=schedule
             type=ref,event=branch
             type=ref,event=pr
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{major}}
+            type=semver,pattern=v{{version}}
+            type=semver,pattern=v{{major}}.{{minor}}
+            type=semver,pattern=v{{major}}
             type=sha    
       - name: setup Docker Buildx
         uses: docker/setup-buildx-action@v3
diff --git a/Dockerfile b/Dockerfile
index 2c2ee55..9cc4177 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,12 +1,13 @@
 FROM cgr.dev/chainguard/wolfi-base
 #install step dependencies
-RUN apk add --no-cache wget step step-ca bash
+RUN apk add --no-cache wget step step-ca bash acme.sh
 
 ENV CONFIGPATH="/home/step/config/ca.json"
 ENV PWDPATH="/home/step/secrets/password"
 ENV STEPPATH="/home/step"
 
 RUN mkdir /root-ca
+RUN mkdir /root/.acme.sh
 
 VOLUME ["/home/step", "/root-ca"]
 
diff --git a/entrypoint.sh b/entrypoint.sh
index a5c63da..3e0eeba 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -83,6 +83,7 @@ function step_ca_init () {
     # First we put the root ca cert and intermediate cert in the easiest place to find it in the volume
     cp /home/step/certs/root_ca.crt /root-ca/root_ca.crt
     cp /home/step/certs/intermediate_ca.crt /root-ca/intermediate_ca.crt
+    chmod 444 /root-ca/*.crt
     # Then we set up the files in the right place for the step client to find them
     mkdir -p /root-ca/step/certs
     cp /home/step/certs/root_ca.crt /root-ca/step/certs/root_ca.crt