diff --git a/acme/tls_sni_challenge.go b/acme/tls_sni_challenge.go
index c36f6acc..f184b17a 100644
--- a/acme/tls_sni_challenge.go
+++ b/acme/tls_sni_challenge.go
@@ -40,12 +40,12 @@ func (t *tlsSNIChallenge) Solve(chlng challenge, domain string) error {
 	return t.validate(t.jws, domain, chlng.URI, challenge{Resource: "challenge", Type: chlng.Type, Token: chlng.Token, KeyAuthorization: keyAuth})
 }
 
-// TLSSNI01ChallengeCert returns a certificate for the `tls-sni-01` challenge
-func TLSSNI01ChallengeCert(keyAuth string) (tls.Certificate, error) {
+// TLSSNI01ChallengeCert returns a certificate and target domain for the `tls-sni-01` challenge
+func TLSSNI01ChallengeCertDomain(keyAuth string) (tls.Certificate, string, error) {
 	// generate a new RSA key for the certificates
 	tempPrivKey, err := generatePrivateKey(RSA2048)
 	if err != nil {
-		return tls.Certificate{}, err
+		return tls.Certificate{}, "", err
 	}
 	rsaPrivKey := tempPrivKey.(*rsa.PrivateKey)
 	rsaPrivPEM := pemEncode(rsaPrivKey)
@@ -55,13 +55,19 @@ func TLSSNI01ChallengeCert(keyAuth string) (tls.Certificate, error) {
 	domain := fmt.Sprintf("%s.%s.acme.invalid", z[:32], z[32:])
 	tempCertPEM, err := generatePemCert(rsaPrivKey, domain)
 	if err != nil {
-		return tls.Certificate{}, err
+		return tls.Certificate{}, "", err
 	}
 
 	certificate, err := tls.X509KeyPair(tempCertPEM, rsaPrivPEM)
 	if err != nil {
-		return tls.Certificate{}, err
+		return tls.Certificate{}, "", err
 	}
 
-	return certificate, nil
+	return certificate, domain, nil
+}
+
+// TLSSNI01ChallengeCert returns a certificate for the `tls-sni-01` challenge
+func TLSSNI01ChallengeCert(keyAuth string) (tls.Certificate, error) {
+	cert, _, err := TLSSNI01ChallengeCertDomain(keyAuth)
+	return cert, err
 }