diff --git a/commander b/commander
index bcc6900..85d0d40 100755
--- a/commander
+++ b/commander
@@ -70,6 +70,16 @@ case $txt in
 ln -sf /home/labca/labca/cron_d /etc/cron.d/labca
 ln -sf /home/labca/labca/logrotate_d /etc/logrotate.d/labca
 ;;
+"acme-change")
+ read fqdn
+ cd /home/labca/nginx_data/ssl
+ openssl genrsa 4096 > labca_key.pem
+ openssl req -new -utf8 -sha256 -key labca_key.pem -subj "/" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:$fqdn")) > domain.csr
+ url=$(grep 'DEFAULT_DIRECTORY_URL =' /home/labca/acme_tiny.py | sed -e 's/.*=[ ]*//' | sed -e 's/\"//g')
+ wait_server $url
+ sleep 10
+ /home/labca/labca/renew
+ ;;
 "nginx-remove-redirect")
 perl -i -p0e 's/\n # BEGIN temporary redirect\n location = \/ \{\n return 302 \/admin\/;\n }\n # END temporary redirect\n//igs' /home/labca/nginx_data/conf.d/labca.conf
 ;;
diff --git a/gui/main.go b/gui/main.go
index ce94eee..3d81fc8 100644
--- a/gui/main.go
+++ b/gui/main.go
@@ -519,9 +519,11 @@ func _configUpdateHandler(w http.ResponseWriter, r *http.Request) {
 if cfg.Validate(true) {
 delta := false
+ deltaFQDN := false
 if cfg.Fqdn != viper.GetString("labca.fqdn") {
 delta = true
+ deltaFQDN = true
 viper.Set("labca.fqdn", cfg.Fqdn)
 }
@@ -573,6 +575,12 @@ func _configUpdateHandler(w http.ResponseWriter, r *http.Request) {
 res.Success = false
 res.Errors = cfg.Errors
 res.Errors["ConfigUpdate"] = "Config apply error: '" + err.Error() + "'"
+ } else if deltaFQDN {
+ if !_hostCommand(w, r, "acme-change", viper.GetString("labca.fqdn")) {
+ res.Success = false
+ res.Errors = cfg.Errors
+ res.Errors["ConfigUpdate"] = "Error requesting certificate for new fqdn"
+ }
 }
 } else {
 res.Success = false
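Review bot: In the new `acme-change` branch of commander, `$fqdn` is expanded inside the printf format string that is appended to the OpenSSL config, so characters such as `%`, backslashes or commas in the value are interpreted by printf or by OpenSSL instead of being treated as part of one DNS name. Read the value raw and pass it as an argument, `read -r fqdn` and `printf '[SAN]\nsubjectAltName=DNS:%s\n' "$fqdn"`, after rejecting anything that is not a plain hostname. The branch also overwrites `labca_key.pem` before a new certificate exists and checks no exit status, so a failed `cd`, `openssl` or `renew` presumably leaves a key that no longer matches the installed certificate; `cd /home/labca/nginx_data/ssl || exit 1` plus generating the key into a temporary file that is moved into place only on success would avoid that. The enclosing `case` statement starts and ends outside the hunk.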
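Review bot: When `_hostCommand(w, r, "acme-change", ...)` fails in the new `else if deltaFQDN` branch of gui/main.go, the handler only returns a generic message, although `labca.fqdn` was already changed by `viper.Set` in the earlier hunk and the config apply step has succeeded by that point. The instance is then presumably left configured for the new name while still serving the previous certificate, and nothing on the server side records why. I would log the failure and state this at the call, e.g. `// labca.fqdn is already stored here; a failed acme-change leaves the previous certificate in place`. It is also worth confirming that `cfg.Validate` restricts `cfg.Fqdn` to a valid hostname, since the value is handed unchanged to the host-side commander script. `_configUpdateHandler` starts and ends outside the hunk.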