diff --git a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/CertificatesController.php b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/CertificatesController.php index 158ff9679..0159e4631 100644 --- a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/CertificatesController.php +++ b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/CertificatesController.php @@ -1,7 +1,7 @@ "failed"); + $mdlAcme = new AcmeClient(); + if ($uuid != null) { + $node = $mdlAcme->getNodeByReference('certificates.certificate.' . $uuid); + if ($node != null) { + $cert_id = $node->id; + $backend = new Backend(); + $response = $backend->configdRun("acmeclient run-automation {$cert_id}"); + } + } + return $result; + } } diff --git a/security/acme-client/src/opnsense/mvc/app/views/OPNsense/AcmeClient/certificates.volt b/security/acme-client/src/opnsense/mvc/app/views/OPNsense/AcmeClient/certificates.volt index c2e206bd6..6db878d50 100644 --- a/security/acme-client/src/opnsense/mvc/app/views/OPNsense/AcmeClient/certificates.volt +++ b/security/acme-client/src/opnsense/mvc/app/views/OPNsense/AcmeClient/certificates.volt @@ -2,7 +2,7 @@ (Partially duplicates code from opnsense_bootgrid_plugin.js.) -Copyright (C) 2017 Frank Wall +Copyright (C) 2017-2020 Frank Wall Copyright (C) 2015 Deciso B.V. OPNsense® is Copyright © 2014-2015 by Deciso B.V. All rights reserved. @@ -48,6 +48,7 @@ POSSIBILITY OF SUCH DAMAGE. sign:'/api/acmeclient/certificates/sign/', revoke:'/api/acmeclient/certificates/revoke/', removekey:'/api/acmeclient/certificates/removekey/', + automation:'/api/acmeclient/certificates/automation/', }; var gridopt = { @@ -61,6 +62,7 @@ POSSIBILITY OF SUCH DAMAGE. return " " + "" + "" + + "" + "" + "" + ""; 
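Review bot: In the new automation action of CertificatesController.php, the `$response` returned by `configdRun()` is never used, so the method returns the initial "failed" result even when the automation was started. Assign it before returning, for example `$result = array("response" => $response);`. The visible lines also show no request-method check between the `$result` initialisation and the backend call, so this state-changing endpoint appears to accept any HTTP verb; wrapping the body in `if ($this->request->isPost()) {` would restrict it to POST. The method signature and the start of this hunk were lost in extraction, so both points should be confirmed against the full file.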
@@ -377,6 +379,26 @@ POSSIBILITY OF SUCH DAMAGE. } }); + // run automation + // TODO: this should block other acme.sh actions + grid_certificates.find(".command-automation").on("click", function(e) + { + if (gridParams['automation'] != undefined) { + var uuid=$(this).data("row-id"); + stdDialogConfirm('{{ lang._('Confirmation Required') }}', + '{{ lang._('Rerun all automations for the selected certificate?') }}', + '{{ lang._('Yes') }}', '{{ lang._('Cancel') }}', function() { + ajaxCall(url=gridParams['automation'] + uuid, + sendData={},callback=function(data,status){ + // reload grid after sign + $("#"+gridId).bootgrid("reload"); + }); + }); + } else { + console.log("[grid] action automation missing") + } + }); + }); // Hide options that are irrelevant in this context. diff --git a/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/certhelper.php b/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/certhelper.php index 44381d708..cb4d2be0a 100755 --- a/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/certhelper.php +++ b/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/certhelper.php @@ -2,7 +2,7 @@ * Copyright (C) 2008 Shrew Soft Inc. @@ -96,6 +96,10 @@ switch ($options["a"]) { $result = cert_action_validator($options["c"]); echo json_encode(array('status' => $result)); break; + case 'automation': + $result = cert_action_validator($options["c"]); + echo json_encode(array('status' => $result)); + break; default: echo "ERROR: invalid argument specified\n"; log_error("invalid argument specified"); 
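Review bot: The `ajaxCall` callback in the `.command-automation` click handler ignores `data` and `status`, so a rejected or failed run only reloads the grid and the user gets no sign that nothing happened. Check the returned result before the reload and show an error dialog otherwise. The comment `// reload grid after sign` looks copied from another handler and should read `// reload grid after automation run`. Inside the call, `url=`, `sendData=` and `callback=` are assignments rather than named arguments, so in non-strict code they create or overwrite globals; pass the three values positionally.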
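Review bot: The body of the new `case 'automation':` in certhelper.php is identical to the case shown directly above it in the context lines. Stacking the new label on that existing case would avoid two copies that can drift apart. `$options["c"]` is handed to `cert_action_validator()` as-is; whether it is validated before the switch lies outside this hunk.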
@@ -219,6 +223,19 @@ function cert_action_validator($opt_cert_id) } } + // Only run certificate automation + if ($options["a"] == "automation") { + // Check if the cert was successul issued + if (!empty((string)$certObj->statusCode) and (string)$certObj->statusCode == '200') { + log_error("AcmeClient: ready to run automation for certificate: " . (string)$certObj->name); + $restart_certs[] = $certObj; + } else { + log_error("AcmeClient: failed to run automation, certificate status not OK: " . (string)$certObj->name); + return(1); + } + break; // Stop after first match. + } + // Make sure we found the configured validation method if ($ref_found == true) { // Was a revocation requested? diff --git a/security/acme-client/src/opnsense/service/conf/actions.d/actions_acmeclient.conf b/security/acme-client/src/opnsense/service/conf/actions.d/actions_acmeclient.conf index 1a335c89f..6122512e0 100644 --- a/security/acme-client/src/opnsense/service/conf/actions.d/actions_acmeclient.conf +++ b/security/acme-client/src/opnsense/service/conf/actions.d/actions_acmeclient.conf @@ -71,6 +71,12 @@ parameters: type:script message:signing or renewing a certificate +[run-automation] +command:/usr/local/opnsense/scripts/OPNsense/AcmeClient/setup.sh; /usr/sbin/daemon -f /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php -a automation -c +parameters:%s +type:script +message:running automations for a certificate + [cron-auto-renew] command:/usr/local/opnsense/scripts/OPNsense/AcmeClient/setup.sh; /usr/sbin/daemon -f /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php -a sign -A -C parameters:
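Review bot: `$options["a"]` is read inside `cert_action_validator($opt_cert_id)`, which per the hunk header receives only the certificate id. Unless a `global $options;` sits above this hunk, the variable is undefined in function scope, the automation branch is never taken, and execution continues into the validation-method code below. Passing the action in as a parameter would make the dependency explicit. The `!empty(...)` test is redundant next to the comparison, so the condition can be `if ((string)$certObj->statusCode === '200') {`, and "successul" in the comment should be "successfully". The enclosing function and the loop that `break` leaves both start and end outside the hunk.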
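Review bot: The `[run-automation]` command starts certhelper.php through `/usr/sbin/daemon -f`, which detaches the script and sends its output to /dev/null, so the JSON status the script echoes never reaches configd or the API caller. Nothing in this entry stops a second run from overlapping the first, a gap the TODO in the view also mentions. If the detached run is intended, document it above the section, for example `# runs detached; outcome is reported only via log_error`, and consider a lock or pid file so concurrent acme.sh actions are refused. `parameters:%s` forwards the one argument the controller appends after `run-automation`, so the certificate id has to remain a server-generated value and never request-supplied text.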