diff --git a/main.go b/main.go
index 7639820..91902e5 100644
--- a/main.go
+++ b/main.go
@@ -17,6 +17,7 @@ import (
 "log"
 "math/big"
 "os"
+ "strings"
 "time"
 )
@@ -38,7 +39,7 @@ func main() {
 flag.BoolVar(&server, "server", false, "generate a server certificate.")
 flag.BoolVar(&ed25519, "ed25519", false, "use ed25519 instead of ECDSA.")
 flag.BoolVar(&nowild, "nowild", false, "do not include a wildcard entry in SAN.")
- flag.StringVar(&domain, "domain", "example.com", "server domain.")
+ flag.StringVar(&domain, "domain", "example.com", "server domain or a space separated list of domains.")
 flag.StringVar(&cn, "cn", "gemini", "client certificate CN.")
 flag.IntVar(&years, "years", 0, "years of validity.")
 flag.IntVar(&months, "months", 0, "months of validity.")
@@ -85,18 +86,39 @@ func main() {
 }
 func getServerCertTemplate(domain string, wildcard bool, notBefore time.Time, notAfter time.Time) x509.Certificate {
+ domainList := strings.Fields(domain)
 template := getCommonCertTemplate(notBefore, notAfter)
 template.Subject = pkix.Name{
- CommonName: domain,
+ CommonName: domainList[0],
 }
- template.DNSNames = append(template.DNSNames, domain)
- if wildcard {
- wildcard := "*." + domain
- template.DNSNames = append(template.DNSNames, wildcard)
+
+ for _, d := range domainList {
+ appendDNSName(&template, d)
+
+ if wildcard {
+ appendDNSName(&template, "*." + d)
+ }
 }
+
 return template
 }
+func appendDNSName(template *x509.Certificate, name string) {
+ if (!contains(template.DNSNames, name)) {
+ template.DNSNames = append(template.DNSNames, name)
+ }
+}
+
+func contains(list []string, str string) bool {
+ for _, s := range list {
+ if s == str {
+ return true
+ }
+ }
+
+ return false
+}
+
 func getClientCertTemplate(cn string, notBefore time.Time, notAfter time.Time) x509.Certificate {
 template := getCommonCertTemplate(notBefore, notAfter)
 template.Subject = pkix.Name{
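Review bot: `domainList[0]` in getServerCertTemplate panics with an index-out-of-range when `-domain` is empty or only whitespace, because `strings.Fields` then returns an empty slice and nothing checks its length before the CommonName assignment. Guard it right after the split, e.g. `if len(domainList) == 0 { log.Fatal("-domain must name at least one host") }` (`log` is already imported), or reject the value in main before the template is built. Separately, every entry is copied into the SAN unvalidated and gets `"*." + d` prepended when wildcard is set, so an entry that already starts with `*.` yields a doubled wildcard label, and the case-sensitive `contains` check lets `Example.com` and `example.com` both through. Lowercasing each name and skipping the wildcard for entries that already start with `*.` would keep the certificate's name set to what the operator intended. `if (!contains(...))` and `"*." + d` are also not gofmt-clean.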