diff --git a/badssl.com/certs/Makefile b/badssl.com/certs/Makefile
index f7131b8..8170231 100644
--- a/badssl.com/certs/Makefile
+++ b/badssl.com/certs/Makefile
@@ -166,7 +166,7 @@ $(O)/gen/chain/wildcard-sha512.pem: $(O)/gen/crt/wildcard-sha512.crt $(O)/gen/cr
 ################################
 $(O)/gen/crt/wildcard-expired.crt: src/conf/wildcard.conf $(O)/gen/csr/wildcard-main.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
 # Too lazy to setup the loathsome mess that is openssl ca when I could just wait a day
- ./tool sign $@ $(D) 1 sha256 req_v3_usr $^
+ ./tool sign $@ $(D) 0 sha256 req_v3_usr $^
 CHAINS_PROD += $(O)/gen/chain/wildcard-expired.pem
 $(O)/gen/chain/wildcard-expired.pem: $(O)/gen/crt/wildcard-expired.crt $(O)/gen/crt/ca-intermediate.crt
 ./tool chain $@ $(D) $^
diff --git a/badssl.com/certs/tool b/badssl.com/certs/tool
index e10ba4d..e6405f0 100755
--- a/badssl.com/certs/tool
+++ b/badssl.com/certs/tool
@@ -83,17 +83,32 @@ self-sign)
 -signkey $6
 ;;
 sign)
- openssl x509 \
- -req \
- -CAcreateserial \
- -days $1 \
- -$2 \
- -out $OUT \
- -extensions $3 \
- -extfile <(cat $4 | sed "s/__DOMAIN__/$DOMAIN/g") \
- -in $5 \
- -CAkey $6 \
- -CA $7
+ if [ $1 -eq 0 ];then
+ cmdstr="openssl x509 \
+ -req \
+ -CAcreateserial \
+ -days 1 \
+ -$2 \
+ -out $OUT \
+ -extensions $3 \
+ -extfile <(cat $4 | sed "s/__DOMAIN__/$DOMAIN/g") \
+ -in $5 \
+ -CAkey $6 \
+ -CA $7"
+ faketime -1day /bin/bash -c "$cmdstr"
+ else
+ openssl x509 \
+ -req \
+ -CAcreateserial \
+ -days $1 \
+ -$2 \
+ -out $OUT \
+ -extensions $3 \
+ -extfile <(cat $4 | sed "s/__DOMAIN__/$DOMAIN/g") \
+ -in $5 \
+ -CAkey $6 \
+ -CA $7
+ fi
 ;;
 *)
 echo "Unknown command."
diff --git a/deploy/init_certs/init_badssl_certs.sh b/deploy/init_certs/init_badssl_certs.sh
index 30c23a8..fc3473c 100644
--- a/deploy/init_certs/init_badssl_certs.sh
+++ b/deploy/init_certs/init_badssl_certs.sh
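Review bot: The comment above the changed recipe for `$(O)/gen/crt/wildcard-expired.crt` in badssl.com/certs/Makefile still says the build can "just wait a day", but with `0` as the days argument the `sign` branch of ./tool now backdates the signature instead. The comment is therefore stale, and the bare `0` reads like a zero-day validity. I would replace it with `# days=0 is a sentinel handled by ./tool sign: the cert is signed for 1 day with the clock set back one day (faketime), so it is already expired once signed`. The recipe now also depends on `faketime` being present in the build image, which is worth stating wherever the build prerequisites are documented.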
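Review bot: In the `sign` branch of badssl.com/certs/tool, the `$1 -eq 0` path expands `$OUT`, `$DOMAIN` and `$3`–`$7` into `cmdstr` and hands the string to a second `bash -c`, so those values are parsed as shell code a second time; the inner `"` around the sed expression also ends the outer string, leaving `s/__DOMAIN__/$DOMAIN/g` unquoted. A domain or path containing a space or shell metacharacter would be split or executed there; the values appear to come from the Makefile's `$(D)` and prerequisites, so this is hardening rather than a bug shown reachable by the hunk. Running openssl directly under faketime avoids the re-parse and removes the duplicated invocation, and the process substitution is opened by the calling shell so the child should inherit it. The `case` block starts and ends outside the hunk.

```bash
sign)
  # days=0 is the "already expired" sentinel: sign for 1 day with the clock set back 1 day
  days=$1
  wrap=""
  if [ "$1" -eq 0 ]; then
    days=1
    wrap="faketime -1day"
  fi
  # $wrap is deliberately unquoted: it splits into "faketime -1day" or disappears when empty
  $wrap openssl x509 -req -CAcreateserial -days "$days" \
  # … unchanged: remaining openssl x509 options, -$2 through -CA $7 …
```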
@@ -1,2 +1,2 @@
 #!/bin/sh
-docker run --rm -v /opt/tsg/tsg-diagnose/.badssl_cert_dict:/badssl.com/unittest_certs -it badssl-tsg-diagnose /bin/bash -c 'make certs-test >> /dev/null && cp -r certs common /badssl.com/unittest_certs'
\ No newline at end of file
+docker run --rm -v /opt/tsg/tsg-diagnose/.badssl_cert_dict:/badssl.com/unittest_certs -v /etc/localtime:/etc/localtime:ro -it badssl-tsg-diagnose /bin/bash -c 'make certs-test >> /dev/null && cp -r certs common /badssl.com/unittest_certs'
\ No newline at end of file
diff --git a/docker-compose/docker-compose.yml b/docker-compose/docker-compose.yml
index d4a4eb8..26b0f55 100644
--- a/docker-compose/docker-compose.yml
+++ b/docker-compose/docker-compose.yml
@@ -19,7 +19,7 @@ services:
 command: >
 bash -c "ifconfig eth0 hw ether 02:42:c0:a8:fd:82
 && arp -i eth0 -s 192.0.2.3 02:42:C0:A8:FD:03
- && cp -r cp -r /badssl.com/unittest_certs/certs /badssl.com/unittest_certs/common /badssl.com
+ && cp -r /badssl.com/unittest_certs/certs /badssl.com/unittest_certs/common /badssl.com
 && make inside-docker
 && nginx
 && tail -f /dev/null"
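Review bot: The added `-v /etc/localtime:/etc/localtime:ro` in deploy/init_certs/init_badssl_certs.sh changes only the container's time zone, not its clock, and certificate notBefore/notAfter are recorded in UTC, so the script does not make clear why certificate generation needs it. A comment above the `docker run` line would help, for example `# mount the host time zone read-only so timestamps inside the container match the host`, adjusted to the actual reason. With the `-v` form Docker creates a missing host path as a directory, so on a host without /etc/localtime this would leave a directory there rather than fail; `--mount type=bind,source=/etc/localtime,target=/etc/localtime,readonly` fails loudly instead.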