diff --git a/server/main.cpp b/server/main.cpp
index b5d0c26..b1c48c8 100644
--- a/server/main.cpp
+++ b/server/main.cpp
@@ -30,7 +30,7 @@ std::vector<sockaddr_storage> bindings(uint16_t port) {
 	return result;
 }
 
-extern std::string le_token;
+extern std::vector<std::string> le_token;
 int main(int argc, char** argv) {
 	evthread_use_pthreads();
 
@@ -67,9 +67,16 @@ int main(int argc, char** argv) {
 		if(line == "end" || line == "stop") {
 			std::cout << "Stopping server\n";
 			break;
-		} else if(line.length() > 13 && line.substr(0, 13) == "set-le-token ") {
-			le_token = line.substr(13);
-			std::cout << "Setting letsencrypt token to: " << le_token << "\n";
+		} else if(line.length() > 13 && line.substr(0, 13) == "add-le-token ") {
+			le_token.push_back(line.substr(13));
+			std::cout << "Added letsencrypt token: " << le_token.back() << "\n";
+		} else if(line.length() > 14 && line.substr(0, 14) == "clear-le-token ") {
+			std::cout << "Cleaning up LE tokens\n";
+			le_token.clear();
+		} else if(line.length() > 14 && line.substr(0, 14) == "list-le-token ") {
+			std::cout << "Letsencrypt tokens (" << le_token.size() << "):\n";
+			for(auto& token : le_token)
+				std::cout << " - " << token << "\n";
 		} else {
 			std::cerr << "Unknown command \"" << line << "\"\n";
 		}
diff --git a/server/src/handler.cpp b/server/src/handler.cpp
index d66da2c..bb6ad8a 100644
--- a/server/src/handler.cpp
+++ b/server/src/handler.cpp
@@ -10,7 +10,7 @@
 using namespace ts::dns;
 using namespace ts::dns::builder;
 
-std::string le_token;
+std::vector<std::string> le_token;
 void WebDNSHandler::handle_message(const std::shared_ptr<DNSServerBinding>& binding, const sockaddr_storage &address, void *buffer, size_t size) {
 	std::cout << "Received DNS request from " << net::to_string(address) << ":\n";
 	DNSParser parser{0, nullptr, buffer, size};
@@ -77,13 +77,15 @@ void WebDNSHandler::handle_message(const std::shared_ptr<DNSServerBinding>& bind
 
 				if(dn == "_acme-challenge.con-gate.work") {
 					std::cout << "  Letsencrypt request\n";
-					std::cout << "  Sending predefined key\n";
+					std::cout << "  Sending predefined key(s)\n";
 
-					auto& a = response.push_answer(query->qname());
-					a.set_class(query->qclass());
-					a.set_type(query->qtype());
-					a.set_ttl(120);
-					a.builder<rrbuilder::TXT>().set_text(le_token);
+					for(auto& key : le_token) {
+						auto& a = response.push_answer(query->qname());
+						a.set_class(query->qclass());
+						a.set_type(query->qtype());
+						a.set_ttl(120);
+						a.builder<rrbuilder::TXT>().set_text(key);
+					}
 				}
 			}
 		}