diff --git a/api.go b/api.go
index 54d6e5b..95a59d2 100644
--- a/api.go
+++ b/api.go
@@ -160,7 +160,7 @@ func apiPutDomain(c echo.Context) error {
 	var certgroup_slot int
 	//add domain to list
 	for n, cg := range certgroups {
-		if len(cg.Domains) < 99 { //can't have more than 100 names on a single cert
+		if len(cg.Domains) < (appconf.MaxDomainsPerCert - 1) { //can't have more than 100 names on a single cert
 			cg.Domains = append(cg.Domains, domain)
 			certgroups[n] = cg //replace with appended version
 			certgroup_slot = n //set slot we need to run renewal for
diff --git a/leapi_config.json.sample b/leapi_config.json.sample
index 7c1d496..fe3f8da 100644
--- a/leapi_config.json.sample
+++ b/leapi_config.json.sample
@@ -11,13 +11,14 @@
 	"frontend_url":"admin.mydomain.net",	 	//the frontend URL, if any (for CORS). Use "-" if none.
 	"http_server_port":"80",					//set to 80 if you aren't using a separate web server
 	"https_server_port":"-",					//set to "-" to disable HTTPS (mainly useful for initial setup)
-	"tls_cert_path":"/etc/ssl/cert.crt",
-	"tls_key_path":"/etc/ssl/privkey.key",
-	"tls_chain_path":"/etc/ssl/chain.crt",
-	"tls_pem_path":"/etc/ssl/domain.pem",
-	"tls_ca_path":"/etc/ssl/ca.crt",
+	"tls_cert_path_prefix":"/etc/ssl/cert",
+	"tls_key_path_prefix":"/etc/ssl/privkey",
+	"tls_chain_path_prefix":"/etc/ssl/chain",
+	"tls_pem_path_prefix":"/etc/ssl/domain",
+	"tls_ca_path_prefix":"/etc/ssl/ca",
 	"letsencrypt_validation_path":"-",			//if "-", LEAPI handles this and you don't use a separate web server
 	"renew_allow_days":"70",
+	"max_domains_per_cert":100,
 	"reload_command":"systemctl reload leapi ; systemctl restart nginx",
 	"check_port":"443", //the port/service to check to verify cert installation (https/imap/imaps/xmpp/ftp/smtp)
 	"production":false, //if false, the staging LE server will be used. Set true to use the rate limited real server.
diff --git a/main.go b/main.go
index 7576487..ad9f92e 100644
--- a/main.go
+++ b/main.go
@@ -60,11 +60,12 @@ type LEAPIConfig struct {
 	Debug                     bool   `json:"debug"`
 	HTTP_ServerPort           string `json:"http_server_port"`
 	HTTPS_ServerPort          string `json:"https_server_port"`
-	TLSCertPath               string `json:"tls_cert_path"`
-	TLSKeyPath                string `json:"tls_key_path"`
-	TLSChainPath              string `json:"tls_chain_path"`
-	TLSPEMPath                string `json:"tls_pem_path"`
-	TLSCAPath                 string `json:"tls_ca_path"`
+	TLSCertPath               string `json:"tls_cert_path_prefix"`
+	TLSKeyPath                string `json:"tls_key_path_prefix"`
+	TLSChainPath              string `json:"tls_chain_path_prefix"`
+	TLSPEMPath                string `json:"tls_pem_path_prefix"`
+	TLSCAPath                 string `json:"tls_ca_path_prefix"`
+	MaxDomainsPerCert         int    `json:"max_domains_per_cert"` //can't have more than 100 names on a single cert
 	FrontEndURL               string `json:"frontend_url"`
 	PrimaryDomain             string `json:"primary_domain"`
 	LetsEncryptValidationPath string `json:"letsencrypt_validation_path"`