diff --git a/gui/apply-boulder b/gui/apply-boulder
index a2e20d5..b59ab01 100755
--- a/gui/apply-boulder
+++ b/gui/apply-boulder
@@ -25,11 +25,15 @@ cat hostname-policy.yaml | tr '\n' '\r' | sed -e "s/Lockdown:.*//" | tr '\r' '\n
 cat hostname-policy.yaml | tr '\n' '\r' | sed -e "s/Whitelist:.*//" | tr '\r' '\n' > hostname-policy.yaml.bak && mv hostname-policy.yaml.bak hostname-policy.yaml
 if [ "$PKI_DOMAIN_MODE" == "lockdown" ] && [ "$PKI_LOCKDOWN_DOMAINS" != "" ]; then
     echo "Lockdown:" >> hostname-policy.yaml
-    echo "  - \"$PKI_LOCKDOWN_DOMAINS\"" >> hostname-policy.yaml
+    for d in $(echo $PKI_LOCKDOWN_DOMAINS | sed -e "s/\\\r\\\n/ /g" | tr '\r' ' '); do
+        echo "  - \"$d\"" >> hostname-policy.yaml
+    done
 fi
 if [ "$PKI_DOMAIN_MODE" == "whitelist" ] && [ "$PKI_WHITELIST_DOMAINS" != "" ]; then
     echo "Whitelist:" >> hostname-policy.yaml
-    echo "  - \"$PKI_WHITELIST_DOMAINS\"" >> hostname-policy.yaml
+    for d in $(echo $PKI_WHITELIST_DOMAINS | sed -e "s/\\\r\\\n/ /g" | tr '\r' ' '); do
+        echo "  - \"$d\"" >> hostname-policy.yaml
+    done
 fi
 if [ "$PKI_DOMAIN_MODE" == "lockdown" ] || [ "$PKI_DOMAIN_MODE" == "whitelist" ]; then
     sed -i -e "s/\(\"n_subject_common_name_included\"\)/\1,\"e_dnsname_not_valid_tld\"/" config/ca-a.json
@@ -37,10 +41,14 @@ if [ "$PKI_DOMAIN_MODE" == "lockdown" ] || [ "$PKI_DOMAIN_MODE" == "whitelist" ]
 
     REPLACEMENT=""
     if [ "$PKI_DOMAIN_MODE" == "lockdown" ] && [ "$PKI_LOCKDOWN_DOMAINS" != "" ]; then
-        REPLACEMENT="    $PKI_LOCKDOWN_DOMAINS: 10000\n"
+        for d in $(echo $PKI_LOCKDOWN_DOMAINS | sed -e "s/\\\r\\\n/ /g" | tr '\r' ' '); do
+            REPLACEMENT+="    $d: 10000\n"
+        done
     fi
     if [ "$PKI_DOMAIN_MODE" == "whitelist" ] && [ "$PKI_WHITELIST_DOMAINS" != "" ]; then
-        REPLACEMENT="    $PKI_WHITELIST_DOMAINS: 10000\n"
+        for d in $(echo $PKI_WHITELIST_DOMAINS | sed -e "s/\\\r\\\n/ /g" | tr '\r' ' '); do
+            REPLACEMENT="    $d: 10000\n"
+        done
     fi
     cat rate-limit-policies.yml | tr '\n' '\r' | sed -e "s/\(must-staple.le.wtf: 10000\).*\(  registrationOverrides:\)/\1\n$REPLACEMENT\2/" | tr '\r' '\n' > rate-limit-policies.yml.bak && mv rate-limit-policies.yml.bak rate-limit-policies.yml
     cat rate-limit-policies.yml | tr '\n' '\r' | sed -e "s/\(certificatesPerFQDNSet:.*must-staple.le.wtf: 10000\).*/\1\n$REPLACEMENT/" | tr '\r' '\n' > rate-limit-policies.yml.bak && mv rate-limit-policies.yml.bak rate-limit-policies.yml
diff --git a/gui/templates/views/manage.tmpl b/gui/templates/views/manage.tmpl
index d2c6794..b3f10f4 100644
--- a/gui/templates/views/manage.tmpl
+++ b/gui/templates/views/manage.tmpl
@@ -163,13 +163,13 @@
       <div class="form-group">
         <label>Domain mode:</label><br/>
         <span class="error config-error hidden" id="domainmode-error"></span>
-        <input type="radio" id="lockdown" name="domain_mode" value="lockdown" {{ if eq .DomainMode "lockdown"}}checked{{ end }}/> Lockdown to only this domain:<br/>
-        <input class="form-control non-fluid" type="text" id="lockdown_domains" name="lockdown_domains" value="{{ .LockdownDomains }}"/>
+        <input type="radio" id="lockdown" name="domain_mode" value="lockdown" {{ if eq .DomainMode "lockdown"}}checked{{ end }}/> Lockdown to only these domains (one per line):<br/>
+        <textarea class="form-control non-fluid" rows="3" cols="24" id="lockdown_domains" name="lockdown_domains">{{ .LockdownDomains }}</textarea>
         <span class="error config-error hidden" id="lockdowndomains-error"></span>
         <br/>
 
-        <input type="radio" id="whitelist" name="domain_mode" value="whitelist" {{ if eq .DomainMode "whitelist"}}checked{{ end }}/> Next to all official domains, also allow this domain (whitelist):<br/>
-        <input class="form-control non-fluid" type="text" id="whitelist_domains" name="whitelist_domains" value="{{ .WhitelistDomains }}"/>
+        <input type="radio" id="whitelist" name="domain_mode" value="whitelist" {{ if eq .DomainMode "whitelist"}}checked{{ end }}/> Next to all official domains, also allow these domains (whitelist; one per line):<br/>
+        <textarea class="form-control non-fluid" rows="3" cols="24" id="whitelist_domains" name="whitelist_domains">{{ .WhitelistDomains }}</textarea>
         <span class="error config-error hidden" id="whitelistdomains-error"></span>
         <br/>
 
diff --git a/gui/templates/views/setup.tmpl b/gui/templates/views/setup.tmpl
index f4537d0..44b5064 100644
--- a/gui/templates/views/setup.tmpl
+++ b/gui/templates/views/setup.tmpl
@@ -25,14 +25,14 @@
     {{ with .Errors.DomainMode }}
     <span class="error">{{ . }}</span><br/>
     {{ end }}
-    <input type="radio" id="lockdown" name="domain_mode" value="lockdown" {{ if eq .DomainMode "lockdown"}}checked{{ end }}/> Lockdown to only this domain:<br/>
-    <input class="form-control non-fluid" type="text" id="lockdown_domains" name="lockdown_domains" value="{{ .LockdownDomains }}"/><br/>
+    <input type="radio" id="lockdown" name="domain_mode" value="lockdown" {{ if eq .DomainMode "lockdown"}}checked{{ end }}/> Lockdown to only these domains (one per line):<br/>
+    <textarea class="form-control non-fluid" rows="3" cols="24" id="lockdown_domains" name="lockdown_domains">{{ .LockdownDomains }}</textarea><br/>
     {{ with .Errors.LockdownDomains }}
     <span class="error">{{ . }}</span><br/>
     {{ end }}
 
-    <input type="radio" id="whitelist" name="domain_mode" value="whitelist" {{ if eq .DomainMode "whitelist"}}checked{{ end }}/> Next to all official domains, also allow this domain (whitelist):<br/>
-    <input class="form-control non-fluid" type="text" id="whitelist_domains" name="whitelist_domains" value="{{ .WhitelistDomains }}"/><br/>
+    <input type="radio" id="whitelist" name="domain_mode" value="whitelist" {{ if eq .DomainMode "whitelist"}}checked{{ end }}/> Next to all official domains, also allow these domains (whitelist; one per line):<br/>
+    <textarea class="form-control non-fluid" rows="3" cols="24" id="whitelist_domains" name="whitelist_domains">{{ .WhitelistDomains }}</textarea><br/>
     {{ with .Errors.WhitelistDomains }}
     <span class="error">{{ . }}</span><br/>
     {{ end }}