diff --git a/bin/ncp-provisioning.sh b/bin/ncp-provisioning.sh
index ed79f665a..8e51556d4 100644
--- a/bin/ncp-provisioning.sh
+++ b/bin/ncp-provisioning.sh
@@ -13,6 +13,7 @@ REDISPASS="$( grep "^requirepass" /etc/redis/redis.conf | cut -f2 -d' ' )"
   REDISPASS="$( openssl rand -base64 32 )"
   echo Provisioning Redis password
   sed -i -E "s|^requirepass .*|requirepass $REDISPASS|" /etc/redis/redis.conf
+  chown redis:redis /etc/redis/redis.conf
   [[ "$DOCKERBUILD" != 1 ]] && systemctl restart redis
 }
 
diff --git a/bin/ncp/CONFIG/nc-limits.sh b/bin/ncp/CONFIG/nc-limits.sh
index 925796db1..e3f7cf97f 100644
--- a/bin/ncp/CONFIG/nc-limits.sh
+++ b/bin/ncp/CONFIG/nc-limits.sh
@@ -59,6 +59,7 @@ configure()
   local CURRENT_REDIS_MEM=$( grep "^maxmemory" "$CONF" | awk '{ print $2 }' )
   [[ "$REDISMEM" != "$CURRENT_REDIS_MEM" ]] && {
     sed -i "s|^maxmemory .*|maxmemory $REDISMEM|" "$CONF"
+    chown redis:redis "$CONF"
     service redis-server restart
   }
 }
diff --git a/bin/ncp/NETWORKING/letsencrypt.sh b/bin/ncp/NETWORKING/letsencrypt.sh
index ae1cf7aa0..ddaa40dae 100644
--- a/bin/ncp/NETWORKING/letsencrypt.sh
+++ b/bin/ncp/NETWORKING/letsencrypt.sh
@@ -54,7 +54,15 @@ configure()
     sed -i "/DocumentRoot/aServerName $DOMAIN" $vhostcfg
 
   # Do it
-  $letsencrypt certonly -n --force-renew --no-self-upgrade --webroot -w $ncdir --hsts --agree-tos -m $EMAIL -d $DOMAIN && {
+  local domain_string=""
+  for domain in $DOMAIN $ADDITIONAL_DOMAIN; do
+    [[ "$domain" != "" ]] && {
+      [[ $domain_string == "" ]] && \
+        domain_string+="${domain}" || \
+        domain_string+=",${domain}"
+    }
+  done
+  $letsencrypt certonly -n --force-renew --no-self-upgrade --webroot -w $ncdir --hsts --agree-tos -m $EMAIL -d $domain_string && {
 
     # Set up auto-renewal
     cat > /etc/cron.weekly/letsencrypt-ncp <<EOF
@@ -91,7 +99,13 @@ EOF
     sed -i "s|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/privkey.pem|" $vhostcfg2
 
     # Configure Nextcloud
-    ncc config:system:set trusted_domains 4 --value=$DOMAIN
+    local domain_index=12
+    for dom in $DOMAIN $ADDITIONAL_DOMAIN; do
+      [[ "$dom" != "" ]] && {
+        ncc config:system:set trusted_domains $domain_index --value=$dom
+        ((domain_index++))
+      }
+    done
     ncc config:system:set overwrite.cli.url --value=https://"$DOMAIN"/
 
     # delayed in bg so it does not kill the connection, and we get AJAX response
diff --git a/docker/nextcloud/020nextcloud b/docker/nextcloud/020nextcloud
index 50160316e..17f8d92ca 100755
--- a/docker/nextcloud/020nextcloud
+++ b/docker/nextcloud/020nextcloud
@@ -22,6 +22,7 @@ ln -s /data/nextcloud /var/www/nextcloud
 
 echo "Starting Redis"
 sed -i 's|^requirepass .*|requirepass default|' /etc/redis/redis.conf
+chown redis:redis /etc/redis/redis.conf
 mkdir -p /var/run/redis
 chown redis /var/run/redis
 sudo -u redis redis-server /etc/redis/redis.conf
diff --git a/etc/ncp-config.d/letsencrypt.cfg b/etc/ncp-config.d/letsencrypt.cfg
index 9af754519..ba90f18f9 100644
--- a/etc/ncp-config.d/letsencrypt.cfg
+++ b/etc/ncp-config.d/letsencrypt.cfg
@@ -12,6 +12,12 @@
       "value": "mycloud.ownyourbits.com",
       "suggest": "mycloud.ownyourbits.com"
     },
+    {
+      "id": "ADDITIONAL_DOMAIN",
+      "name": "Additional domain",
+      "value": "",
+      "suggest": "cloud.ownyourbits.com"
+    },
     {
       "id": "EMAIL",
       "name": "Email",