diff --git a/lofar_cryptocoryne/cli.py b/lofar_cryptocoryne/cli.py
index 0bedb5f7af431faf57f18f2f0839a4a845c65877..d8e05acb91c7be20215585e77d13d55fa2259f3d 100644
--- a/lofar_cryptocoryne/cli.py
+++ b/lofar_cryptocoryne/cli.py
@@ -2,6 +2,8 @@
 #  SPDX-License-Identifier: Apache-2.0
 
 """ Cryptocoryne certbot cli entrypoint """
+import time
+
 import acme.errors
 import hvac
 
@@ -37,15 +39,24 @@ def main():
             print("Waiting for DNS to propagate...")
             if client.check_dns_propagation(timeout=1200):
                 print("Succeed. Request certificate")
-                client.request_certificate()
+                for _ in range(3):
+                    try:
+                        client.request_certificate()
+                    except acme.errors.ValidationError as ve:
+                        print(f"ValidationError: {ve.failed_authzrs}")
+                    else:
+                        break
+                    print("Request failed. Retry in", end=" ")
+                    for t in range(5):
+                        time.sleep(1)
+                        print(t, end=" ")
+                    print("...")
                 certificate.fullchain = client.certificate
                 vault_store.put_certificate(certificate)
                 print("Done")
             else:
                 print("Failed to issue certificate for " + str(client.domains))
 
-        except acme.errors.ValidationError as ve:
-            print(f"ValidatinError: {ve.failed_authzrs}")
         except Exception as e:  # pylint: disable=broad-exception-caught
             print(f"{type(e)}: {e}")
         finally: