diff --git a/cm.sh b/cm.sh
index e3dc9da5411eca435a95fdac1262d8ceacb69317..166117dfda39a551bdc7c68fe2f6d124f6b15f07 100755
--- a/cm.sh
+++ b/cm.sh
@@ -27,6 +27,7 @@
 # 2022-01-10  <axel.hahn@iml.unibe.ch>  _wait_for_free_slot: exclude ssh calls 
 # 2022-03-30  <axel.hahn@iml.unibe.ch>  remove usage of csr and generation of key file
 # 2022-03-31  <axel.hahn@iml.unibe.ch>  dns authentication with alias domain
+# 2022-04-04  <axel.hahn@iml.unibe.ch>  Bugfix: copy key from csr folder to ~/.acme/
 # ======================================================================
 
 
@@ -516,6 +517,20 @@ function public_renew(){
 	_wait_for_free_slot
 	_requiresFqdn
 	_certMustExist
+
+	# BUGFIX: acme.sh does not create a new key file on renew.
+	# After switching from csr method to pram -d we got a 0 byte Keyfile
+	local _acme_keyfile="~/.acme/${CM_fqdn}/${CM_fqdn}.key"
+	if test ! -f "$_acme_keyfile"
+	then
+		echo "FIX: copy key from csr folder $CM_filekey to $_acme_keyfile"
+		if ! cp "$CM_filekey" "$_acme_keyfile"
+		then
+			exit 1
+		fi
+	fi
+	# /BUGFIX
+
 	$ACME --renew -d ${CM_fqdn} $ACME_Params
 	local _rc=$?