diff --git a/lofar_cryptocoryne/cli.py b/lofar_cryptocoryne/cli.py
index a23b5868afd2ae393cbbd3676cdaf94068533d0f..dccfff34ffe4a735391c24c9667e0dc8d96193b2 100644
--- a/lofar_cryptocoryne/cli.py
+++ b/lofar_cryptocoryne/cli.py
@@ -3,6 +3,7 @@
 
 """ Cryptocoryne certbot cli entrypoint """
 
+import acme.errors
 import hvac
 
 import lofar_cryptocoryne.dns_client as desec
@@ -37,14 +38,17 @@ def main():
             print("Waiting for DNS to propagate...")
             if client.check_dns_propagation(timeout=1200):
                 print("Succeed. Request certificate")
-                client.request_certificate()
-                certificate.fullchain = client.certificate.decode()
+                client.request_certificate(wait=10)
+                certificate.fullchain = client.certificate
+                certificate.key = client.private_key
                 vault_store.put_certificate(certificate)
                 print("Done")
             else:
                 print("Failed to issue certificate for " + str(client.domains))
 
+        except acme.errors.ValidationError as ve:
+            print(f"ValidationError: {ve.failed_authzrs}")
         except Exception as e:  # pylint: disable=broad-exception-caught
-            print(e)
+            print(f"{type(e)}: {e}")
         finally:
             dns_client.cleanup()
diff --git a/lofar_cryptocoryne/client.py b/lofar_cryptocoryne/client.py
index 28a76ffb53dcf5a27f10cb979f73541f774331c4..e78854fe4b3b6841fbb9d3ea4ee997c09096af64 100644
--- a/lofar_cryptocoryne/client.py
+++ b/lofar_cryptocoryne/client.py
@@ -3,12 +3,15 @@
 
 """ Various clients """
 
+import socket
 from urllib.parse import urlparse
+
+import consul
+import josepy as jose
+import simple_acme_dns
 from acme import client as acme_client
 from acme import messages
-import simple_acme_dns
-import josepy as jose
-import consul
+
 import lofar_cryptocoryne.dns_client as desec
 
 
@@ -27,7 +30,10 @@ def get_service_certificates() -> [(str, [str])]:
 class DnsClient:
     """DNS client"""
 
-    DNS_SERVERS = ["ns1.desec.io", "ns2.desec.org"]
+    DNS_SERVERS = [
+        socket.gethostbyname("ns1.desec.io"),
+        socket.gethostbyname("ns2.desec.org"),
+    ]
     """ Client to access the dns providers API """
 
     def __init__(self, desec_client: desec.APIClient):
@@ -38,8 +44,8 @@ class DnsClient:
         """Setup DNS TXT records to verify given domain with given tokens"""
         zone = self.desec_client.get_authoritative_domain(verify_domain)
         subname = verify_domain.rsplit(zone["name"], 1)[0].rstrip(".")
-        self.desec_client.change_record(
-            zone["name"], "TXT", subname, [f'"{tokens[0]}"']
+        self.desec_client.add_record(
+            zone["name"], "TXT", subname, [f'"{tokens[0]}"'], 3600
         )
         self.cleanups.append(
             lambda d=zone["name"], sn=subname: self.desec_client.delete_record(
diff --git a/tests/test_client.py b/tests/test_client.py
index 696e138c67e07ee6bd535cd9097bbc22ca13f2de..b50de261bfdd0e077d71a12090f8147cf400998c 100644
--- a/tests/test_client.py
+++ b/tests/test_client.py
@@ -39,8 +39,8 @@ class TestDnsClient(TestCase):
         desec_client_mock.get_authoritative_domain.assert_called_once_with(
             "verify.lofar.net"
         )
-        desec_client_mock.change_record.assert_called_once_with(
-            "lofar.net", "TXT", "verify", ['"token"']
+        desec_client_mock.add_record.assert_called_once_with(
+            "lofar.net", "TXT", "verify", ['"token"'], 3600
         )
 
         assert len(dns_client.cleanups) == 1