diff --git a/back/lib/ssl_peer_add b/back/lib/ssl_peer_add
index e5023d9..4ddcacf 100755
--- a/back/lib/ssl_peer_add
+++ b/back/lib/ssl_peer_add
@@ -58,20 +58,28 @@ if ! sudo chmod 400 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key" >>"${
 exit 7
 fi
 
-# Generate CSR
-san="subjectAltName=DNS:${hostname}.${username}.${TLD},DNS:*.${hostname}.${username}.${TLD}"
+# Generate config
+san="subjectAltNames = DNS:${hostname}.${username}.${TLD},DNS:*.${hostname}.${username}.${TLD}"
 [ "${ipstring}" != "" ] && san="${san},${ipstring}"
-if ! sudo /usr/bin/openssl req -new -sha256 \
+if ! printf '%s\n' "${san}" | sudo cat '/etc/ssl/openssl.cnf' /dev/stdin \
+| sudo tee "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf"; then
+ printf 'Failed to generate %s/%s/%s.cnf\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >>"${LOGFILE}"
+ exit 7
+fi
+sudo cat "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" >>"${LOGFILE}"
+
+# Generate CSR
+if ! sudo /usr/bin/openssl req -new -sha256 -reqexts SAN \
 -key "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key" \
 -out "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" \
- -config '/etc/ssl/openssl.cnf' \
- -addext "${san}" \
+ -config "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf"
 -subj "/O=${SSL_ORG}/OU=${username}/CN=${hostname}.${username}.${TLD}" \
 >>"${LOGFILE}" 2>&1; then
 printf 'Failed to generate %s/%s/%s.csr\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >>"${LOGFILE}"
 exit 7
 fi
+
 # Generate cert
 if ! sudo /usr/bin/openssl x509 -req -sha256 -extensions SAN -CAcreateserial \
 -extfile "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" \
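Review bot: The extension line written into the generated .cnf is `subjectAltNames = …`, but the OpenSSL key is `subjectAltName` (the removed `-addext` line had it right), and nothing emits a `[SAN]` section header even though the CSR step now passes `-reqexts SAN` and the x509 step passes `-extensions SAN`; the appended line simply lands in whatever section ends `/etc/ssl/openssl.cnf`, so unless that file already happens to end in a `[SAN]` section openssl cannot load the extension section and the script exits 7 at the CSR step. Changing the two lines to `san="subjectAltName = DNS:${hostname}.${username}.${TLD},DNS:*.${hostname}.${username}.${TLD}"` and `printf '\n[SAN]\n%s\n' "${san}" | sudo cat '/etc/ssl/openssl.cnf' /dev/stdin \` addresses both. As collapsed here the added `-config "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf"` line appears to lack the trailing `\` that the removed `-config` line carried; if that is the file's real content, `-subj … >>"${LOGFILE}" 2>&1` runs as a separate command and the openssl call loses its subject and its redirection, so please confirm against the file. With no `set -o pipefail` visible in this hunk the `if ! … | sudo tee …` only tests tee's status, so a failed read of /etc/ssl/openssl.cnf still produces a "successful" config holding only the SAN line, and tee additionally echoes the whole config to the script's stdout. Since ${hostname}, ${username} and ${ipstring} are now interpolated into a config file that openssl parses, the validation that presumably happens earlier in the script (outside this hunk) should reject newlines and `[` in those values, otherwise a crafted value can append arbitrary config directives.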
@@ -91,6 +99,9 @@ fi; if ! sudo chmod 644 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt";
 fi
 
 # Remove old files
-sudo rm "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" 2>/dev/null || true
+if ! sudo rm "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" 2>/dev/null; then
+ printf 'Failed to remove old SSL config files %s/%s/%s.cnf\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >>"${LOGFILE}"
+ exit 7
+fi
 printf 'SSL certs for %s.%s.%s are ready\n' "${hostname}" "${username}" "${TLD}" >>"${LOGFILE}"
\ No newline at end of file
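Review bot: The failure branch added around `sudo rm` keeps `2>/dev/null`, so the one time the new `exit 7` fires the log holds only the generic message and not rm's own reason; using `2>>"${LOGFILE}"` in place of `2>/dev/null` keeps the diagnostic where the rest of the script logs. The message also names only `%s/%s/%s.cnf` although two files are being removed. Note that the removed line tolerated an absent .csr with `|| true`, whereas the new form makes any missing file fatal after server.crt has already been installed with mode 644, so the peer is left working but reported as failed; `sudo rm -f -- "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" 2>>"${LOGFILE}"` keeps the cleanup best-effort for absent files while still surfacing permission errors in the log.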