diff --git a/roles/certificate/tasks/main.yml b/roles/certificate/tasks/main.yml
index 4d76a141803f0359f4ff1c38d3318c222bf5b6bf..9a81461c090e6447d9d616624e9bc75bf7422520 100644
--- a/roles/certificate/tasks/main.yml
+++ b/roles/certificate/tasks/main.yml
@@ -1,17 +1,17 @@
-- name: Create ssl cert (HTTP-01)
+- name: Create ssl cert (HTTP-01) named {{ cert_name | default(domains | first) }}
   shell: |
     set -o pipefail
     # We can't start nginx without the certificate and we can't issue a certificate without nginx running.
     # So use Python built-in http.server for the initial certificate issuance
     python -m http.server --directory {{ letsencrypt_validation_dir }} 80 &
     trap "jobs -p | xargs --no-run-if-empty kill" EXIT
-    certbot certonly --email {{ certificate_contact_email }} --agree-tos --key-type ecdsa --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d {{ domains | join(' -d ') }}
+    certbot certonly --email {{ certificate_contact_email }} --agree-tos --key-type ecdsa --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d {{ domains | join(' -d ') }} --cert-name {{ cert_name | default(domains | first) }}
   args:
-    creates: '/etc/letsencrypt/live/{{ domains | first }}/fullchain.pem'
+    creates: '/etc/letsencrypt/live/{{ cert_name | default(domains | first) }}/fullchain.pem'
   when: challenge | default(certificate_challenge) == "HTTP-01"
 
-- name: Create ssl cert (DNS-01)
-  command: certbot certonly --email {{ certificate_contact_email }} --agree-tos --key-type ecdsa --renew-by-default --dns-rfc2136 --dns-rfc2136-credentials /etc/letsencrypt/rfc2136.ini -d {{ domains | join(' -d ') }}
+- name: Create ssl cert (DNS-01) named {{ cert_name | default(domains | first) }}
+  command: certbot certonly --email {{ certificate_contact_email }} --agree-tos --key-type ecdsa --renew-by-default --dns-rfc2136 --dns-rfc2136-credentials /etc/letsencrypt/rfc2136.ini -d {{ domains | join(' -d ') }} --cert-name {{ cert_name | default(domains | first) }}
   args:
-    creates: '/etc/letsencrypt/live/{{ domains | first }}/fullchain.pem'
+    creates: '/etc/letsencrypt/live/{{ cert_name | default(domains | first) }}/fullchain.pem'
   when: challenge | default(certificate_challenge) == "DNS-01"