diff --git a/cm.sh b/cm.sh
index 5749837531cf1c41953ad741d8d12405e0b24655..c2759f7cca50821996a5f2a03be67027f266ad6d 100755
--- a/cm.sh
+++ b/cm.sh
@@ -18,6 +18,7 @@
 # 2021-02-17  <axel.hahn@iml.unibe.ch>  ensure checks list of aliases; new: optional host filter before adding a cert
 # 2021-03-12  <axel.hahn@iml.unibe.ch>  create file for haproxy
 # 2021-03-22  <axel.hahn@iml.unibe.ch>  for haproxy: use chained cert instead of server cert
+# 2021-04-12  <axel.hahn@iml.unibe.ch>  reject multiple usage of fqdn in cli params
 # ======================================================================
 
 
@@ -255,7 +256,23 @@ function _sortWords(){
 	echo $* | tr " " "\n" | sort | tr "\n" " "
 }
 
-
+# internal function; verify fqdn in cli params - each fqdn is allowed only once.
+# on error it shows the count of usage of each fqdn
+function _testFqdncount(){
+	typeset -i local iHostsInParam=$( echo $* | wc -w )
+	typeset -i iHostsUniq=$( echo $* | tr " " "\n" | sort -u | wc -w )
+	if [ $iHostsInParam -ne $iHostsUniq ]; then
+		echo "ERROR: each given FQDN is allowed only once. You need to remove double entries."
+		
+		for myhost in $( echo $* | tr " " "\n" | sort -u )
+		do
+			typeset -i iHostcount=$( echo $* | tr " " "\n" | grep "^$myhost$" | wc -l )
+			test $iHostcount -gt 1 && echo "  $iHostcount x $myhost"
+		done
+		echo
+		exit 1
+	fi
+}
 # ----------------------------------------------------------------------
 #
 # PUBLIC FUNCTIONS
@@ -523,6 +540,8 @@ if [ $# -gt 0 -a $? -eq 0 ]; then
 	CM_fqdn=$2
 	shift 2
 
+	_testFqdncount $CM_fqdn $*
+
 	test -z "${ACME}" && ACME=$( which acme.sh )
 	if [ ! -x "${ACME}" ]; then
 		echo "ERROR: acme.sh not found. You need to install acme.sh client and configure it in inc_config.sh."