diff --git a/README.md b/README.md
index 665f7a4..0f984ef 100644
--- a/README.md
+++ b/README.md
@@ -8,3 +8,5 @@ The webroot should be mounted to the real webhost's acme-challenge dir, like:
     -v /host/real_webroot/.well-known/acme-challenge/:/srv/acme/webroot/.well-known/acme-challenge/
 
 Master process logs in /srv/acme/logs/ are useful for debugging
+
+The certs (and account.json) will be placed in /srv/acme/certs/
diff --git a/simplewrapper.py b/simplewrapper.py
index 730fee5..f355ce7 100644
--- a/simplewrapper.py
+++ b/simplewrapper.py
@@ -4,6 +4,7 @@ from subprocess import Popen, TimeoutExpired
 import os
 
 
+OUTPUT_DIR = "/srv/acme/certs/"
 CONF_DIR = "/srv/acme/conf/"
 WEB_ROOT = "/srv/acme/webroot/"
 
@@ -16,12 +17,14 @@ def main():
         with open(os.path.join(domain_dir, "aliases")) as f:
             aliases = [i.strip() for i in f.read().strip().split()]
 
-        call_le(email, aliases, domain_dir)
+        output_dir = os.path.join(OUTPUT_DIR, name)
+        os.makedirs(output_dir, exist_ok=True)
+        os.chdir(output_dir)
+        call_le(email, aliases)
 
 
-def call_le(email, domain_names, cwd):
+def call_le(email, domain_names):
     assert domain_names
-    os.chdir(cwd)
 
     le_call = ["simp_le",
                "--email", email,
@@ -47,6 +50,8 @@ def call_le(email, domain_names, cwd):
     elif p.returncode == 2:
         print("error updating {}1".format(domain_names[0]))
 
+    return p.returncode
+
 
 if __name__ == '__main__':
     main()
diff --git a/start b/start
index e613742..72a0bb5 100644
--- a/start
+++ b/start
@@ -1,6 +1,6 @@
 #!/bin/bash -eux
 
-mkdir -p /srv/acme/webroot/.well-known/acme-challenge /srv/acme/conf /srv/acme/logs
+mkdir -p /srv/acme/webroot/.well-known/acme-challenge /srv/acme/conf /srv/acme/logs /srv/acme/certs
 chown -R simplecert /srv/acme
 
 exec cron -f