diff --git a/cm.sh b/cm.sh
index 18ee74283dd968ecfdc9f0cd62cf686cd879c398..319239f9911299003c07bc81bd13f29246c62fe4 100755
--- a/cm.sh
+++ b/cm.sh
@@ -213,6 +213,21 @@ function public_add(){
 	_update "added $CM_fqdn $*"
 }
 
+#
+# pulic function ADD OR RENEW certificate
+# 
+function public_add-or-renew(){
+	_requiresFqdn
+	_certExists
+	if [ $? -eq 0 ]; then
+		_wd "--- cert was found ... renew it"
+		public_renew
+	else
+		_wd "--- cert does mot exist ... add it"
+		public_add
+	fi
+}
+
 #
 # public function to delete a cert
 #
@@ -343,12 +358,20 @@ $self ACTION [FQDN]
 
 The ACTIONs for single certificate handlings are:
 
-        add  FQDN [.. FQDN-N] 
-                create new certificate ... or force it
+        add FQDN [.. FQDN-N] 
+                create new certificate
                 The first FQDN is a hostname to generate the certificate for. 
                 Following multiple hostnames will be used as DNS aliases in the 
                 same certificate.
 
+        add-or-renew FQDN [.. FQDN-N] 
+                This param is for automation tools like Ansible or Puppet.
+				It checks if the certificate for first (*) FQDN exists.
+				If not: add a new cert (see "add").
+				If so: call renew action (see "renew")
+
+				(*) it doesn't verify the DNS aliases
+
         delete FQDN
                 delete a given certificate
 
diff --git a/readme.md b/readme.md
index a223cf82698522f359a328e0729c43ac17c4d77f..004fd4b537d54516cb24c4808cc0dc1d0819bdab 100644
--- a/readme.md
+++ b/readme.md
@@ -37,12 +37,20 @@ cm.sh ACTION [FQDN]
 
 The ACTIONs for single certificate handlings are:
 
-        add  FQDN [.. FQDN-N] 
-                create new certificate ... or force it
+        add FQDN [.. FQDN-N] 
+                create new certificate
                 The first FQDN is a hostname to generate the certificate for. 
                 Following multiple hostnames will be used as DNS aliases in the 
                 same certificate.
 
+        add-or-renew FQDN [.. FQDN-N] 
+                This param is for automation tools like Ansible or Puppet.
+                It checks if the certificate for first (*) FQDN exists.
+                If not: add a new cert (see "add").
+                If so: call renew action (see "renew")
+
+                (*) it doesn't verify the DNS aliases
+
         delete FQDN
                 delete a given certificate
 
@@ -57,5 +65,4 @@ ACTIONs for all certs
         list
                 list all certificates including creation and renew date
 
-
 ```