diff --git a/etc/nftables/nftables-web.conf b/etc/nftables/nftables-web.conf
index 3c3c7d5..b7c6a02 100644
--- a/etc/nftables/nftables-web.conf
+++ b/etc/nftables/nftables-web.conf
@@ -5,12 +5,12 @@ flush ruleset
 table inet filter {
     define ip-allowlist-ssh = {
         51.222.156.101, # 0.grapheneos.org
-        51.222.15.172, # 0.releases.grapheneos.org
+        45.90.185.33, # 4.releases.grapheneos.org
     }
 
     define ip6-allowlist-ssh = {
         2607:5300:205:200::29c6, # 0.grapheneos.org
-        2607:5300:205:200::47ea, # 0.releases.grapheneos.org
+        2a14:3f87:6920:250::100, # 4.releases.grapheneos.org
     }
 
     set ip-connlimit-ssh {
diff --git a/hosts.sh b/hosts.sh
index 3a82eb6..1322675 100644
--- a/hosts.sh
+++ b/hosts.sh
@@ -293,7 +293,7 @@ readonly hosts_certbot=(
     staging.grapheneos.org
     0.grapheneos.org
     0.grapheneos.network
-    0.releases.grapheneos.org
+    4.releases.grapheneos.org
     staging.attestation.app
     attestation.app
     matrix.grapheneos.org
diff --git a/packages/0.releases.grapheneos.org b/packages/0.releases.grapheneos.org
index 69798f6..413af79 100644
--- a/packages/0.releases.grapheneos.org
+++ b/packages/0.releases.grapheneos.org
@@ -1,5 +1,4 @@
 base
-certbot
 chrony
 cloud-guest-utils
 conntrack-tools
diff --git a/packages/4.releases.grapheneos.org b/packages/4.releases.grapheneos.org
index 5ef5bf9..da9ab4d 100644
--- a/packages/4.releases.grapheneos.org
+++ b/packages/4.releases.grapheneos.org
@@ -1,5 +1,6 @@
 amd-ucode
 base
+certbot
 chrony
 cloud-guest-utils
 conntrack-tools