diff --git a/roles/letsencrypt/defaults/main.yml b/roles/letsencrypt/defaults/main.yml
index 64734e5..710a2e6 100644
--- a/roles/letsencrypt/defaults/main.yml
+++ b/roles/letsencrypt/defaults/main.yml
@@ -17,6 +17,7 @@ letsencrypt_challenge: http
 # letsencrypt_dns_provider_options: '--api-protocol=rest'
 # letsencrypt_dns_auth_token: XXXX
 #
+letsencrypt_certs: []
 # letsencrypt_certs:
 # - common_name: www.domain.org
 # alt_names:
@@ -27,6 +28,10 @@ letsencrypt_challenge: http
 # - common_name: ldap.domain.com
 # alt_names:
 # - directory.domain.com
+# config:
+# CHALLENGETYPE: http-01
+# RENEW_DAYS: 20
+# KEYSIZE: 3072
 
 letsencrypt_base_hooks:
 clean_challenge: |
diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml
index 10531bb..877f198 100644
--- a/roles/letsencrypt/tasks/main.yml
+++ b/roles/letsencrypt/tasks/main.yml
@@ -56,6 +56,10 @@
 - exit_hook
 tags: web,ssl
 
+- name: Create per cert configuration dir
+ file: path=/etc/dehydrated/certificates state=directory
+ tags: web,ssl
+
 - name: Deploy default hooks
 copy: content={{ letsencrypt_hooks[item] }} dest=/etc/dehydrated/hooks_{{ item }}.d/00-default mode=755
 loop:
@@ -97,7 +101,7 @@
 tags: web,ssl
 
 - name: Deploy dehydrated configuration
- template: src={{ item.src }} dest={{item.dest }} mode={{ item.mode | default('644') }}
+ template: src={{ item.src }} dest={{ item.dest }} mode={{ item.mode | default('644') }}
 with_items:
 - src: config.j2
 dest: /etc/dehydrated/config
@@ -110,6 +114,12 @@
 notify: renew dehydrated
 tags: web,ssl
 
+- name: Deploy per certificate config
+ template: src=cert_config.j2 dest=/etc/dehydrated/certificates/{{ item.common_name }} mode=600
+ loop: "{{ letsencrypt_certs }}"
+ notify: renew dehydrated
+ tags: web,ssl
+
 - name: Create httpd conf dir
 file: path=/etc/httpd/ansible_conf.d state=directory
 when: ansible_os_family == 'RedHat'
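Review bot: The `config:` example added to the commented `letsencrypt_certs` sample in the second hunk (`# config:` through `# KEYSIZE: 3072`) never says what the mapping is or where it ends up, so a reader of defaults/main.yml cannot tell that these are dehydrated per-certificate settings. Add a comment above it such as `# config: optional mapping of dehydrated per-certificate settings, rendered verbatim as KEY=value lines to /etc/dehydrated/certificates/<common_name>`, and mention that they presumably take precedence over the global values in config.j2 (the example's `KEYSIZE` overlaps with the global `KEYSIZE` there). It would also help to note next to `letsencrypt_certs: []` that the empty default must stay defined because the new `loop: "{{ letsencrypt_certs }}"` task in tasks/main.yml fails on an undefined variable.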
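Review bot: `file: path=/etc/dehydrated/certificates state=directory` in the 'Create per cert configuration dir' task leaves the directory mode to the remote umask, while the files the later 'Deploy per certificate config' task places inside it are explicitly `mode=600`; if those files are sensitive enough for 600, pin the directory as well, e.g. `file: path=/etc/dehydrated/certificates state=directory mode=0750` (choose the value that matches how the rest of /etc/dehydrated is created, which is outside this diff). The literal `/etc/dehydrated/certificates` is also repeated in the 'Deploy per certificate config' task and as `DOMAINS_D` in templates/config.j2, so a single role default (for example `letsencrypt_certs_config_dir`, name constructed here) referenced from all three places would keep them from drifting. Picking a different basename while doing that would also avoid confusion with `BASEDIR=/var/lib/dehydrated/certificates` in config.j2, which shares the name but holds the issued certificates rather than configuration.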
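Review bot: The 'Deploy per certificate config' task writes a file for every entry of `letsencrypt_certs`, including entries with no `config` key (cert_config.j2 then renders an empty file), and nothing removes a file once its entry is dropped from the list, so stale per-certificate settings stay in /etc/dehydrated/certificates and are picked up again for any domain that is later re-added. A `when: item.config is defined` on the task limits the files to certificates that actually carry settings; cleaning up files whose name is no longer in the list needs a separate find/remove step that is not in this hunk. Since `item.common_name` is interpolated straight into `dest=`, applying `| basename` to it would keep the rendered path inside the directory even if a value were ever supplied with path separators.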
diff --git a/roles/letsencrypt/templates/cert_config.j2 b/roles/letsencrypt/templates/cert_config.j2
new file mode 100644
index 0000000..e59a60f
--- /dev/null
+++ b/roles/letsencrypt/templates/cert_config.j2
@@ -0,0 +1,5 @@
+{% if item.config is defined and item.config is mapping %}
+{% for key in item.config.keys() | list %}
+{{ key }}={{ item.config[key] }}
+{% endfor %}
+{% endif %}
diff --git a/roles/letsencrypt/templates/config.j2 b/roles/letsencrypt/templates/config.j2
index 1309ca7..6276ade 100644
--- a/roles/letsencrypt/templates/config.j2
+++ b/roles/letsencrypt/templates/config.j2
@@ -4,6 +4,7 @@ CA={{ letsencrypt_ca }}
 IP_VERSION=4
 BASEDIR=/var/lib/dehydrated/certificates
 DOMAINS_TXT=/etc/dehydrated/domains.txt
+DOMAINS_D=/etc/dehydrated/certificates
 WELLKNOWN=/var/lib/dehydrated/challenges
 KEYSIZE="{{ letsencrypt_key_size | default('4096') }}"
 HOOK=/usr/{{ (ansible_os_family == 'Debian') | ternary('local/','') }}bin/dehydrated_hooks
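Review bot: `{{ key }}={{ item.config[key] }}` in cert_config.j2 writes each value unquoted into a file that dehydrated reads as a shell fragment (the same way it reads the main config, where `KEYSIZE` is double-quoted), so a value containing a space, `$`, backtick or `;` is either a syntax error or gets evaluated by the shell instead of being assigned; pass values through Ansible's `quote` filter so they are written as safe shell literals. Iterating `item.config | dictsort` instead of `item.config.keys() | list` gives a stable, sorted file that is easier to diff, and it yields key/value pairs directly: `{% for key, value in item.config | dictsort %}` and `{{ key }}={{ value | quote }}`. Keys are still written verbatim, so a leading `{# keys must be valid shell variable names; values are shell-quoted #}` would document the one constraint the template cannot enforce.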