diff --git a/README.rst b/README.rst index 840cfff0a..2cec4adad 100644 --- a/README.rst +++ b/README.rst @@ -37,9 +37,9 @@ from your OS and puts others in a python virtual environment:: .. hint:: The certbot-auto download is protected by HTTPS, which is pretty good, but if you'd like to double check the integrity of the ``certbot-auto`` script, you can use these steps for verification before running it:: - user@server:~$ wget https://dl.eff.org/certbot-auto.sig + user@server:~$ wget https://dl.eff.org/certbot-auto.asc user@server:~$ gpg2 --recv-key A2CFB51FA275A7286234E7B24D17C995CD9775F2 - user@server:~$ gpg2 --trusted-key 4D17C995CD9775F2 --verify certbot-auto.sig certbot-auto + user@server:~$ gpg2 --trusted-key 4D17C995CD9775F2 --verify certbot-auto.asc certbot-auto And for full command line help, you can type:: diff --git a/tools/release.sh b/tools/release.sh index d41192af9..042aa5259 100755 --- a/tools/release.sh +++ b/tools/release.sh @@ -187,6 +187,9 @@ while ! openssl dgst -sha256 -verify $RELEASE_OPENSSL_PUBKEY -signature \ read -p "Please correctly sign letsencrypt-auto with offline-signrequest.sh" done +# This signature is not quite as strong, but easier for people to verify out of band +gpg -u "$RELEASE_GPG_KEY" --detach-sign --armor --sign letsencrypt-auto-source/letsencrypt-auto + # copy leauto to the root, overwriting the previous release version cp -p letsencrypt-auto-source/letsencrypt-auto letsencrypt-auto
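Review bot: In the README.rst hint, the new commands download https://dl.eff.org/certbot-auto.asc, but nothing visible in this patch produces or publishes a file with that name. The tools/release.sh change signs letsencrypt-auto-source/letsencrypt-auto with no explicit output path, so gpg would by default write the signature next to it as letsencrypt-auto-source/letsencrypt-auto.asc. Please confirm that the release process copies that signature to certbot-auto.asc on the download host, or add the step to this patch, so the documented verification does not fail on a missing file. It would also help to state in the hint what a passing check looks like (a "Good signature" line and a zero exit status from gpg2), since the steps currently end at the --verify command.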
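Review bot: In the added gpg line in tools/release.sh, the signing step has no failure handling or verification. The openssl signature just above it is checked in a "while ! openssl dgst -sha256 -verify ..." loop before the script continues. If gpg fails here (RELEASE_GPG_KEY unset or wrong, or an existing .asc it will not overwrite), the release can proceed without a matching signature, unless set -e is in effect outside the visible lines. Suggest testing the exit status and running gpg --verify on the result before the cp step, naming the signature file with --output so its location is explicit, and dropping --sign, which is redundant next to --detach-sign. The comment "not quite as strong" should also say in what respect it is weaker than the openssl signature, so a later maintainer knows which of the two the release actually depends on.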