diff --git a/cm.sh b/cm.sh
index e2d4c7876bddef1e0461e856a29434aa111c8749..0acc5de60b7d9484df0694944fc8377c6ce42b0c 100755
--- a/cm.sh
+++ b/cm.sh
@@ -21,6 +21,7 @@
 # 2021-04-12  <axel.hahn@iml.unibe.ch>  reject multiple usage of fqdn in cli params
 # 2021-04-12  <axel.hahn@iml.unibe.ch>  optional: force excecution with a given user only
 # 2021-06-24  <axel.hahn@iml.unibe.ch>  added transfer command; delete files if acme.sh --install-cert ... failes
+# 2021-07-14  <axel.hahn@iml.unibe.ch>  added _wait_for_free_slot in cert actions to execute multiple processes sequentially
 # ======================================================================
 
 
@@ -249,6 +250,26 @@ function _update(){
 	test ${writelog} && echo "[$( date )] $*" >> ${logfile}
 }
 
+# "neverending" loop that waits until the current process is
+# the one with lowest PID
+function _wait_for_free_slot(){
+    local _bWait=true
+    typeset -i local _iFirstPID=0
+    _wd "--- Need to wait until own process PID $$ is on top ... "
+    while [ $_bWait = true ];
+    do
+        _iFirstPID=$( ps -ef | grep "bash.*$0" | grep -v "grep" | sort -k 2 -n | head -1 | awk '{ print $2}' )
+        if [ $_iFirstPID -eq $$ ]; then
+            _bWait=false
+            _wd "OK. Go!"
+        else
+            _wd "- all instances"
+            test ${showdebug} && ps -ef | grep "bash.*$0" | grep -v "grep" | sort -k 2 -n
+            sleep 10
+        fi
+    done
+}
+
 # write debug output if showdebug is set to 1
 function _wd(){
 	test ${showdebug} && echo "DEBUG: $*"
@@ -304,6 +325,7 @@ function _testFqdncount(){
 # pulic function ADD certificate
 # 
 function public_add(){
+	_wait_for_free_slot
 	_requiresFqdn
 	_certMustNotExist
 
@@ -342,6 +364,7 @@ function public_add(){
 # pulic function ADD OR RENEW certificate
 # 
 function public_ensure(){
+	_wait_for_free_slot
 	_requiresFqdn
 	_certExists
 	if [ $? -eq 0 ]; then
@@ -369,6 +392,7 @@ function public_ensure(){
 # public function to delete a cert
 #
 function public_delete(){
+	_wait_for_free_slot
 	_requiresFqdn
 	_certMustExist
 
@@ -394,6 +418,7 @@ function public_list(){
 # public function - renew a certificate
 # param  string  fqdn of domain to renew
 function public_renew(){
+	_wait_for_free_slot
 	_requiresFqdn
 	_certMustExist
 	$ACME --renew -d ${CM_fqdn} $ACME_Params
@@ -525,6 +550,7 @@ function public_show(){
 
 # Transfer cert from acme.sh internal cache to our output dir again
 function public_transfer(){
+	_wait_for_free_slot
 	_requiresFqdn
 	_certExists