diff --git a/test/19-test-add-to-sans.bats b/test/19-test-add-to-sans.bats
new file mode 100644
index 0000000..8d6f560
--- /dev/null
+++ b/test/19-test-add-to-sans.bats
@@ -0,0 +1,61 @@
+#! /usr/bin/env bats
+
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+
+
+# This is run for every test
+setup() {
+    export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
+    curl --silent -X POST -d '{"host":"a.'$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a
+    curl --silent -X POST -d '{"host":"b.'$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a
+}
+
+teardown() {
+    curl --silent -X POST -d '{"host":"a.'$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/clear-a
+    curl --silent -X POST -d '{"host":"b.'$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/clear-a
+}
+
+
+
+@test "Create certificate to check can add to SANS" {
+    skip "FIXME: Certificate is not recreated when SANS is updated"
+    if [ -n "$STAGING" ]; then
+        skip "Not trying on staging server yet"
+        CONFIG_FILE="getssl-staging-dns01.cfg"
+    else
+        CONFIG_FILE="getssl-dns01-add-to-sans-1.cfg"
+    fi
+    . "${CODE_DIR}/test/test-config/${CONFIG_FILE}"
+    setup_environment
+
+
+    init_getssl
+    create_certificate
+    assert_success
+    check_output_for_errors
+}
+
+
+@test "Check we can add a new domain to SANS" {
+    skip "FIXME: Certificate is not recreated when SANS is updated"
+    if [ -n "$STAGING" ]; then
+        skip "Not trying on staging server yet"
+        CONFIG_FILE="getssl-staging-dns01.cfg"
+    else
+        CONFIG_FILE="getssl-dns01-add-to-sans-2.cfg"
+    fi
+    # . "${CODE_DIR}/test/test-config/${CONFIG_FILE}"
+    # CERT=${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.crt
+    # KEY=${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.key
+    # cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl.cfg"
+
+    create_certificate
+    assert_success
+    check_output_for_errors
+
+    # As the SANS list changed, a new certificate is needed
+    assert_line --partial "certificate installed OK on server"
+    refute_line --partial 'certificate is valid for more than'
+}
diff --git a/test/test-config/getssl-dns01-add-to-sans-1.cfg b/test/test-config/getssl-dns01-add-to-sans-1.cfg
new file mode 100644
index 0000000..ddb514a
--- /dev/null
+++ b/test/test-config/getssl-dns01-add-to-sans-1.cfg
@@ -0,0 +1,37 @@
+# Uncomment and modify any variables you need
+# see https://github.com/srvrco/getssl/wiki/Config-variables for details
+# see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs
+#
+CA="https://pebble:14000/dir"
+
+VALIDATE_VIA_DNS=true
+DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_challtestsrv"
+DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_challtestsrv"
+AUTH_DNS_SERVER=10.30.50.3
+
+# Speed up the test by reducing the number or retries and the wait between retries.
+DNS_WAIT=2
+DNS_WAIT_COUNT=11
+DNS_EXTRA_WAIT=0
+
+# Additional domains - this could be multiple domains / subdomains in a comma separated list
+SANS="a.${GETSSL_HOST}"
+
+# Location for all your certs, these can either be on the server (full path name)
+# or using ssh /sftp as for the ACL
+DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
+DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key"
+CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
+DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
+DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
+
+# The command needed to reload apache / nginx or whatever you use
+RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx"
+
+# Define the server type and confirm correct certificate is installed
+SERVER_TYPE="https"
+CHECK_REMOTE="true"
+IGNORE_DIRECTORY_DOMAIN="true"
+
+#_USE_DEBUG=1
+#_RUNNING_TEST=1
diff --git a/test/test-config/getssl-dns01-add-to-sans-2.cfg b/test/test-config/getssl-dns01-add-to-sans-2.cfg
new file mode 100644
index 0000000..9196905
--- /dev/null
+++ b/test/test-config/getssl-dns01-add-to-sans-2.cfg
@@ -0,0 +1,37 @@
+# Uncomment and modify any variables you need
+# see https://github.com/srvrco/getssl/wiki/Config-variables for details
+# see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs
+#
+CA="https://pebble:14000/dir"
+
+VALIDATE_VIA_DNS=true
+DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_challtestsrv"
+DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_challtestsrv"
+AUTH_DNS_SERVER=10.30.50.3
+
+# Speed up the test by reducing the number or retries and the wait between retries.
+DNS_WAIT=2
+DNS_WAIT_COUNT=11
+DNS_EXTRA_WAIT=0
+
+# Additional domains - this could be multiple domains / subdomains in a comma separated list
+SANS="b.${GETSSL_HOST}, a.${GETSSL_HOST}"
+
+# Location for all your certs, these can either be on the server (full path name)
+# or using ssh /sftp as for the ACL
+DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
+DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key"
+CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
+DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
+DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
+
+# The command needed to reload apache / nginx or whatever you use
+RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx"
+
+# Define the server type and confirm correct certificate is installed
+SERVER_TYPE="https"
+CHECK_REMOTE="false"
+IGNORE_DIRECTORY_DOMAIN="true"
+
+#_USE_DEBUG=1
+#_RUNNING_TEST=1