diff --git a/scripts/run_certbot.sh b/scripts/run_certbot.sh
index 259a71b..b96cb5e 100755
--- a/scripts/run_certbot.sh
+++ b/scripts/run_certbot.sh
@@ -10,27 +10,35 @@ else
   http-01"
 fi
 
+if $DEBUG
+then
+  args=$args" --debug"
+fi
+
 for d in $DOMAINS
 do
   args=$args" -d $d"
 done
 
-certbot --agree-tos --renew-by-default \
+certbot certonly --agree-tos --renew-by-default \
 --text --server https://acme-v01.api.letsencrypt.org/directory \
---email $EMAIL certonly $args
+--email $EMAIL $args
 ec=$?
 echo "certbot exit code $ec"
 if [ $ec -eq 0 ]
 then
-  if $CONCAT
-  then
-    # concat the full chain with the private key (e.g. for haproxy)
-    cat /etc/letsencrypt/live/$d/fullchain.pem /etc/letsencrypt/live/$d/privkey.pem > /certs/$d.pem
-  else
-    # keep full chain and private key in separate files (e.g. for nginx and apache)
-    cp /etc/letsencrypt/live/$d/fullchain.pem /certs/$d.pem
-    cp /etc/letsencrypt/live/$d/privkey.pem /certs/$d.key
-  fi
+  for d in $DOMAINS
+  do
+    if $CONCAT
+    then
+      # concat the full chain with the private key (e.g. for haproxy)
+      cat /etc/letsencrypt/live/$d/fullchain.pem /etc/letsencrypt/live/$d/privkey.pem > /certs/$d.pem
+    else
+      # keep full chain and private key in separate files (e.g. for nginx and apache)
+      cp /etc/letsencrypt/live/$d/fullchain.pem /certs/$d.pem
+      cp /etc/letsencrypt/live/$d/privkey.pem /certs/$d.key
+    fi
+  done
   echo "Success! Your new certificates are in /certs/"
 else
   echo "Cerbot failed. Check the logs for details."