diff --git a/home.admin/config.scripts/internet.dyndomain.sh b/home.admin/config.scripts/internet.dyndomain.sh
index 23815e9..67f29e3 100755
--- a/home.admin/config.scripts/internet.dyndomain.sh
+++ b/home.admin/config.scripts/internet.dyndomain.sh
@@ -110,27 +110,8 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
   echo "DynamicDNS is now OFF"
 fi
 
-echo "deleting TLSCert"
-sudo rm /mnt/hdd/lnd/tls.* 2>/dev/null
-echo "let lnd generate new TLSCert"
-sudo -u bitcoin /usr/local/bin/lnd &>/dev/null &
-echo "wait until generated"
-newCertExists=0
-count=0
-while [ ${newCertExists} -eq 0 ]
-do
-  count=$(($count + 1))
-  echo "(${count}/60) check for cert"
-  if [ ${count} -gt 60 ]; then
-    echo "FAIL - was not able to generate new LND certs"
-    exit 1
-  fi
-  newCertExists=$(sudo ls /mnt/hdd/lnd/tls.cert 2>/dev/null | grep -c '.cert')
-  sleep 2
-done
-sudo killall /usr/local/bin/lnd
-echo "copy new cert to admin user"
-sudo cp /mnt/hdd/lnd/tls.cert /home/admin/.lnd
+# refresh TLS cert
+sudo /home/admin/config.scripts/lnd.newtlscert.sh
 
 echo "may needs reboot to run normal again"
 exit 0
\ No newline at end of file
diff --git a/home.admin/config.scripts/lnd.autounlock.sh b/home.admin/config.scripts/lnd.autounlock.sh
index a00a5c8..0cc8096 100755
--- a/home.admin/config.scripts/lnd.autounlock.sh
+++ b/home.admin/config.scripts/lnd.autounlock.sh
@@ -70,6 +70,8 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
       # add REST config to lnd.conf (for old configs)
       sudo sh -c "echo \"restlisten=0.0.0.0:8080\" >> /mnt/hdd/lnd/lnd.conf"
       echo "LND REST config added -> restlisten=0.0.0.0:8080'"
+      # refresh TLS cert
+      sudo /home/admin/config.scripts/lnd.newtlscert.sh
     fi
   else
     echo "LND REST config OK -> restlisten=0.0.0.0:8080'"
diff --git a/home.admin/config.scripts/lnd.newtlscert.sh b/home.admin/config.scripts/lnd.newtlscert.sh
new file mode 100644
index 0000000..6b99010
--- /dev/null
+++ b/home.admin/config.scripts/lnd.newtlscert.sh
@@ -0,0 +1,29 @@
+
+#!/bin/bash
+
+# stop services
+echo "making sure services are not running"
+sudo systemctl stop lnd 2>/dev/null
+
+echo "deleting TLSCert"
+sudo rm /mnt/hdd/lnd/tls.* 2>/dev/null
+echo "let lnd generate new TLSCert"
+sudo -u bitcoin /usr/local/bin/lnd &>/dev/null &
+echo "wait until generated"
+newCertExists=0
+count=0
+while [ ${newCertExists} -eq 0 ]
+do
+  count=$(($count + 1))
+  echo "(${count}/60) check for cert"
+  if [ ${count} -gt 60 ]; then
+    echo "FAIL - was not able to generate new LND certs"
+    exit 1
+  fi
+  newCertExists=$(sudo ls /mnt/hdd/lnd/tls.cert 2>/dev/null | grep -c '.cert')
+  sleep 2
+done
+sudo killall /usr/local/bin/lnd
+echo "copy new cert to admin user"
+sudo cp /mnt/hdd/lnd/tls.cert /home/admin/.lnd
+echo "OK TLS certs are fresh"
\ No newline at end of file