diff --git a/getssl b/getssl
index 7ae6ae5..c92733f 100755
--- a/getssl
+++ b/getssl
@@ -1222,7 +1222,7 @@ if [[ $VALIDATE_VIA_DNS == "true" ]]; then
 done
 if [[ "$DNS_EXTRA_WAIT" -gt 0 && "$PREVIOUSLY_VALIDATED" != "true" ]]; then
- info "sleeping $DNS_EXTRA_WAIT seconds before asking the ACME-server to check the dns"
+ info "sleeping $DNS_EXTRA_WAIT seconds before asking the ACME server to check the dns"
 sleep "$DNS_EXTRA_WAIT"
 fi
@@ -1267,20 +1267,22 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n
 if [[ -n "$HAS_DIG_OR_DRILL" ]]; then
 gad_d="$orig_gad_d"
- debug Using "$HAS_DIG_OR_DRILL SOA +trace +nocomments $gad_d @$gad_s" to find primary nameserver
 # Use SOA +trace to find the name server
 if [[ -z "$gad_s" ]]; then
- res=$($HAS_DIG_OR_DRILL SOA +trace +nocomments "$gad_d" 2>/dev/null | grep "IN\WNS\W" | tail -1)
+ debug Using "$HAS_DIG_OR_DRILL SOA +trace +nocomments $gad_d" to find primary nameserver
+ res=$($HAS_DIG_OR_DRILL SOA +trace +nocomments "$gad_d" 2>/dev/null | grep "IN\WNS\W")
 else
- res=$($HAS_DIG_OR_DRILL SOA +trace +nocomments "$gad_d" "@$gad_s" 2>/dev/null | grep "IN\WNS\W" | tail -1)
+ debug Using "$HAS_DIG_OR_DRILL SOA +trace +nocomments $gad_d @$gad_s" to find primary nameserver
+ res=$($HAS_DIG_OR_DRILL SOA +trace +nocomments "$gad_d" "@$gad_s" 2>/dev/null | grep "IN\WNS\W")
 fi
 # fallback to existing code
 if [[ -z "$res" ]]; then
- debug Checking for CNAME using "$HAS_DIG_OR_DRILL CNAME $gad_d @$gad_s"
 if [[ -z "$gad_s" ]]; then #checking for CNAMEs (need grep as dig 9.11 sometimes returns everything not just CNAME entries)
+ debug Checking for CNAME using "$HAS_DIG_OR_DRILL CNAME $gad_d"
 res=$($HAS_DIG_OR_DRILL CNAME "$gad_d"| grep "^$gad_d" | grep CNAME)
 else
+ debug Checking for CNAME using "$HAS_DIG_OR_DRILL CNAME $gad_d @$gad_s"
 res=$($HAS_DIG_OR_DRILL CNAME "$gad_d" "@$gad_s"| grep "^$gad_d" | grep CNAME)
 fi
 if [[ -n "$res" ]]; then # domain is a CNAME so get main domain
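Review bot: With `| tail -1` removed from both `SOA +trace` branches in get_auth_dns, `res` can now hold the NS records of every delegation step that `+trace` prints (root, TLD, then the zone), not a single record for the zone itself. The code that turns `res` into the name-server list is outside this hunk, so this is inferred, but unless it filters by owner name the DNS-01 propagation check could be pointed at servers that are not authoritative for `$gad_d`. Keeping only the records of the last delegation would avoid that, e.g. `gad_zone=$(echo "$res" | tail -1 | awk '{print $1}')` followed by `res=$(echo "$res" | awk -v z="$gad_zone" '$1 == z')`. The `NS` fallback in the following get_auth_dns hunk drops `tail -1` as well and can leave both `NS` and `SOA` lines in `res`, so the same consumer has to cope with that.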
@@ -1294,11 +1296,12 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n
 # dig NS www.getssl.text
 # > www.getssl.test. IN CNAME getssl.test
 # > getssl.test. IN NS ns1.duckdns.org
- debug Using "$HAS_DIG_OR_DRILL NS $gad_d @$gad_s" to find primary nameserver
 if [[ -z "$gad_s" ]]; then
- res=$($HAS_DIG_OR_DRILL NS "$gad_d"| grep -E "IN\W(NS|SOA)\W" | tail -1)
+ debug Using "$HAS_DIG_OR_DRILL NS $gad_d" to find primary nameserver
+ res=$($HAS_DIG_OR_DRILL NS "$gad_d"| grep -E "IN\W(NS|SOA)\W")
 else
- res=$($HAS_DIG_OR_DRILL NS "$gad_d" "@$gad_s"| grep -E "IN\W(NS|SOA)\W" | tail -1)
+ debug Using "$HAS_DIG_OR_DRILL NS $gad_d @$gad_s" to find primary nameserver
+ res=$($HAS_DIG_OR_DRILL NS "$gad_d" "@$gad_s"| grep -E "IN\W(NS|SOA)\W")
 fi
 fi
 if [[ -n "$res" ]]; then
@@ -2194,6 +2197,7 @@ write_domain_template() { # write out a template file for a domain.
 # where "/path/to/your/website/folder/" is the path, on your web server, to the web root for your domain.
 # You can also user WebDAV over HTTPS as transport mechanism. To do so, start with davs: followed by username,
 # password, host, port (explicitly needed even if using default port 443) and path on the server.
+ # Multiple locations can be defined for a file by separating the locations with a semi-colon.
 #ACL=('/var/www/${DOMAIN}/web/.well-known/acme-challenge'
 # 'ssh:server5:/var/www/${DOMAIN}/web/.well-known/acme-challenge'
 # 'ssh:sshuserid@server5:/var/www/${DOMAIN}/web/.well-known/acme-challenge'
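Review bot: In the get_auth_dns hunk at -1294, the two branches of `if [[ -z "$gad_s" ]]` differ only in the `"@$gad_s"` argument, so the `debug` line now has to be duplicated into each branch to keep the logged command matching the one that runs. A conditional expansion lets one command and one log line serve both cases: `res=$($HAS_DIG_OR_DRILL NS "$gad_d" ${gad_s:+"@$gad_s"} | grep -E "IN\W(NS|SOA)\W")`, with `${gad_s:+@$gad_s}` inside the `debug` string. The `SOA +trace` and `CNAME` lookups in the previous hunk repeat the same pattern and could be collapsed the same way. The enclosing `if` and the rest of get_auth_dns lie outside the hunk.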