diff --git a/defaults/main.yml b/defaults/main.yml
index 59aa13b..f1ce5c7 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -28,6 +28,16 @@ ipa_getcert_requested_hostnames:
 # nss_db_dir: /etc/pki/tls/nss
 # nss_nickname: name
+# If you are using cnames
+# ipa_getcert_requested_hostnames:
+# - name: name
+# postcmd: "/bin/systemctl restart httpd"
+# owner: apache
+# key_location: /etc/pki/tls/private/web.crt
+# cert_location: /etc/pki/tls/certs/web.crt
+# cnames:
+# - cname.example.com
+
 # This feature coming soon
 #ipa_getcert_fqdn_symlink: true
diff --git a/templates/get_cert.sh.j2 b/templates/get_cert.sh.j2
index 8e08251..4dcedc0 100644
--- a/templates/get_cert.sh.j2
+++ b/templates/get_cert.sh.j2
@@ -15,6 +15,11 @@ fi
 -I "{{ ipahosts.name }}" \
 -N "CN={{ ipahosts.name }}" \
 -D "{{ ipahosts.name }}" \
+ {% if ipahosts.cnames is defined %}
+ {% for cname in ipahosts.cnames %}
+ -D "{{ cname }}" \
+ {% endfor %}
+ {% endif %}
 {% if ipa_getcert_nss %}
 -d "${nss_db_path}" \
 -n {{ ipahosts.nss_nickname | default(ansible_fqdn) }} \
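Review bot: In the added cnames example, `key_location` points at `/etc/pki/tls/private/web.crt`, so the private key is shown with a certificate extension right next to `cert_location: /etc/pki/tls/certs/web.crt`; `# key_location: /etc/pki/tls/private/web.key` would keep readers from confusing the two paths. If the value was copied from the example above this hunk (not visible here), that one would want the same change. A further comment line such as `# cnames must be a YAML list, even for a single name` would help, because the template loops over the value.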
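Review bot: The new loop only tests `ipahosts.cnames is defined`, so a scalar such as `cnames: cname.example.com` would be iterated character by character and render one `-D` argument per letter; guard it with `{% if ipahosts.cnames is defined and ipahosts.cnames is not string %}` or fail early in a task. Each name is also written inside double quotes in the rendered shell script without escaping, so a value containing a double quote, `$` or a backtick changes the command; `-D {{ cname | quote }} \` keeps it a single literal argument. The existing `-D "{{ ipahosts.name }}"` context line follows the same pattern, and the command itself starts and ends outside this hunk. Since every extra `-D` ends up as a DNS name in the certificate request, the list is worth validating against hostname syntax before the script is rendered.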