diff --git a/root/certbot-prepare.sh b/root/certbot-prepare.sh
index 550aa66..edaa9e5 100644
--- a/root/certbot-prepare.sh
+++ b/root/certbot-prepare.sh
@@ -1,7 +1,7 @@
 #!/command/with-contenv bash
 # shellcheck shell=bash
-#Creating needed folders and files if they don't already exist
+# Creating needed folders and files if they don't already exist
 if [ ! -d /config/.secrets ]
 then
 mkdir /config/.secrets
@@ -32,10 +32,80 @@ then
 touch /config/.crontab.txt
 fi
-#Cleanup renew list and create it fresh, ready for commands to be run and added
-echo "#!/command/with-contenv bash" > /config/renew-list.sh
+# Cleanup renew list and create it fresh, ready for commands to be run and added
+echo "#!/command/with-contenv bash" > /config/.renew-list.sh
 echo "" >> /config/.renew-list.sh
+# Create original config file to track changes to environmental variables
+if [ ! -f /config/.donoteditthisfile ]
+then
+ echo -e "ORIGDOMAINS=\"${DOMAINS}\" ORIGEMAIL=\"${EMAIL}\" ORIGSTAGING=\"${STAGING}\" ORIGCUSTOM_CA=\"${CUSTOM_CA}\" ORIGCUSTOM_CA_SERVER=\"${CUSTOM_CA_SERVER}\" ORIGPLUGIN=\"${PLUGIN}\" ORIGPROPOGATION_TIME=\"${PROPOGATION_TIME}\"" > /config/.donoteditthisfile
+ echo "Created .donoteditthisfile"
+fi
+
+# Load original config file
+. /config/.donoteditthisfile
+
+# Checking for changes to config file, revoke certs if necessary
+if [ ! "${DOMAINS}" = "${ORIGDOMAINS}" ] ||
+ [ ! "${EMAIL}" = "${ORIGEMAIL}" ] ||
+ [ ! "${STAGING}" = "${ORIGSTAGING}" ] ||
+ [ ! "${CUSTOM_CA}" = "${ORIGCUSTOM_CA}" ] ||
+ [ ! "${CUSTOM_CA_SERVER}" = "${ORIGCUSTOM_CA_SERVER}" ] ||
+ [ ! "${PLUGIN}" = "${ORIGPLUGIN}" ] ||
+ [ ! "${PROPOGATION_TIME}" = "${ORIGPROPOGATION_TIME}" ]
+then
+
+ echo "Configuration has changed since the last certificate was issued. Revoking and regenerating certs"
+ FIRST_DOMAIN=$(echo $ORIGDOMAINS | cut -d \, -f1)
+
+ if [ ! -z $ORIGCUSTOM_CA ]
+ then
+
+ echo "A custom CA was used for issuing. Using it to revoke as well."
+
+ if [ ! -d /config/custom_ca ]
+ then
+ mkdir /config/custom_ca
+ echo "Please place the custom CA root file used to generate the current certificate into /config/custom_ca and restart the container"
+ exit 1
+ fi
+
+ if [ -z "$(ls -A /config/custom_ca)" ]
+ then
+ echo "A root certificate called ${ORIGCUSTOM_CA} was used to generate a certificate, but the /config/custom_ca dir is now empty. 
Please place this root certificate back this directory and restart the container so it can be safely revoked"
+ exit 1
+ fi
+
+ ORIGCUSTOM_CA_PATH=/config/custom_ca/$ORIGCUSTOM_CA
+ ORIGCUSTOM_CA_SERVER_OPT="--server $ORIGCUSTOM_CA_SERVER"
+
+ fi
+
+ if [ $ORIGSTAGING = "true" ]
+ then
+
+ # Reusing the CUSTOM_CA_SERVER_OPT variable to add staging option if that was selected
+ ORIGCUSTOM_CA_SERVER_OPT="--server https://acme-staging-v02.api.letsencrypt.org/directory"
+
+ fi
+
+ if [ -f /config/letsencrypt/live/"${FIRST_DOMAIN}"/fullchain.pem ]
+ then
+
+ REQUESTS_CA_BUNDLE=$ORIGCUSTOM_CA_PATH certbot revoke --non-interactive --agree-tos --email $ORIGEMAIL --config-dir /config/letsencrypt --work-dir /config/.tmp --logs-dir /config/logs --cert-path /config/letsencrypt/live/"${FIRST_DOMAIN}"/fullchain.pem $ORIGCUSTOM_CA_SERVER_OPT || true
+
+ rm -rf /config/letsencrypt/archive/"${FIRST_DOMAIN}"
+ rm -rf /config/letsencrypt/live/"${FIRST_DOMAIN}"
+ rm -rf /config/letsencrypt/renewal/"${FIRST_DOMAIN}".conf
+
+ fi
+
+fi
+
+# Update config file with new env vars
+echo -e "ORIGDOMAINS=\"${DOMAINS}\" ORIGEMAIL=\"${EMAIL}\" ORIGSTAGING=\"${STAGING}\" ORIGCUSTOM_CA=\"${CUSTOM_CA}\" ORIGCUSTOM_CA_SERVER=\"${CUSTOM_CA_SERVER}\" ORIGPLUGIN=\"${PLUGIN}\" ORIGPROPOGATION_TIME=\"${PROPOGATION_TIME}\"" > /config/.donoteditthisfile
+
 function single_domain {
 if [ ! -z $CUSTOM_CA ]
@@ -62,17 +132,14 @@ function single_domain {
 exit 1
 fi
- #REQUESTS_CA_BUNDLE=/config/custom_ca/$CUSTOM_CA
-
 CUSTOM_CA_PATH=/config/custom_ca/$CUSTOM_CA
 CUSTOM_CA_SERVER_OPT="--server $CUSTOM_CA_SERVER"
- if [ $STAGING ]
+ if [ $STAGING = "true" ]
 then
- echo "Staging is not supported when using a custom CA, so overriding. To remove this alert, set staging to false."
-
- STAGING=false
+ echo "Staging option is not supported when using a custom CA. To remove this alert, set staging to false. If your CA has a standing endpoint, use the CUSTOM_CA_SERVER option to point to it instead"
+ exit 1
 fi
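Review bot: `. /config/.donoteditthisfile` executes a file that the two `echo -e "ORIGDOMAINS=\"${DOMAINS}\" …"` lines (the create block and the "Update config file" block) build by bare interpolation, so a value containing a double quote, `$(` or a backslash (which `-e` also rewrites) either breaks the sourced file on the next start or is run as a command inside the container; writing each variable with `printf '%s=%q\n'` keeps the file a plain list of assignments, and one helper can replace both copies. `certbot revoke … || true` followed by the three `rm -rf` lines deletes the lineage even when revocation failed, and the rewrite of `.donoteditthisfile` that follows hides the change from the next start, so a still-valid certificate and its private key are discarded unrevoked with no retry; test the revoke status and `exit 1` without deleting anything. `[ ! -z $ORIGCUSTOM_CA ]`, `[ $ORIGSTAGING = "true" ]` and `--email $ORIGEMAIL` should also quote their expansions, since an empty ORIGSTAGING turns the second test into `[ = "true" ]` and a 'unary operator expected' error rather than false.
```shell
# Persist the issuing configuration as shell-quoted assignments, so that sourcing
# the file back cannot execute anything but those assignments.
write_orig_config() {
  {
    printf 'ORIGDOMAINS=%q\n' "${DOMAINS}"
    printf 'ORIGEMAIL=%q\n' "${EMAIL}"
    printf 'ORIGSTAGING=%q\n' "${STAGING}"
    printf 'ORIGCUSTOM_CA=%q\n' "${CUSTOM_CA}"
    printf 'ORIGCUSTOM_CA_SERVER=%q\n' "${CUSTOM_CA_SERVER}"
    printf 'ORIGPLUGIN=%q\n' "${PLUGIN}"
    printf 'ORIGPROPOGATION_TIME=%q\n' "${PROPOGATION_TIME}"
  } > /config/.donoteditthisfile
}

# … unchanged: change detection and custom CA directory checks …

  if [ -f /config/letsencrypt/live/"${FIRST_DOMAIN}"/fullchain.pem ]
  then
    # Keep the lineage on disk when revocation fails so the next start can retry it
    if ! REQUESTS_CA_BUNDLE="${ORIGCUSTOM_CA_PATH}" certbot revoke --non-interactive --agree-tos --email "${ORIGEMAIL}" --config-dir /config/letsencrypt --work-dir /config/.tmp --logs-dir /config/logs --cert-path /config/letsencrypt/live/"${FIRST_DOMAIN}"/fullchain.pem $ORIGCUSTOM_CA_SERVER_OPT
    then
      echo "Revocation failed; leaving the existing certificate in place so it can be retried" >&2
      exit 1
    fi
    # … unchanged: rm -rf of archive/, live/ and renewal/ for ${FIRST_DOMAIN} …
  fi
```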
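Review bot: `if [ $STAGING = "true" ]` leaves the expansion unquoted, so when STAGING is unset or empty the test becomes `[ = "true" ]` and `[` reports 'unary operator expected' instead of evaluating to false; use `if [ "${STAGING}" = "true" ]`. The replaced branch used to continue with STAGING forced to false, while the new one exits, so the explanation is now a fatal diagnostic and belongs on stderr: `echo "Staging option is not supported when using a custom CA. …" >&2`. single_domain begins and ends outside this hunk.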
@@ -101,7 +168,7 @@ function single_domain {
 if [ ! -s /config/.secrets/cloudflare.ini ]
 then
- echo "cloudflare.ini is empty - please add your Cloudflare credentials or API key before continuing. This can be done as an ENV var, or by editing the file directly"
+ echo "cloudflare.ini is empty - please add your Cloudflare credentials or API key before continuing. This can be done by setting CLOUDFLARE_TOKEN, or by editing /config/.secrets/cloudflare.ini directly"
 exit 1
 fi
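Review bot: The reworded message is followed by `exit 1` but is still written to stdout, so it is separated from the rest of the error output; `echo "cloudflare.ini is empty - …" >&2` keeps it with the diagnostics. The `-s` test above it only establishes that the file is non-empty, so a malformed credentials file passes this check and would presumably only be rejected later by certbot. single_domain continues on both sides of the hunk.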
@@ -116,14 +183,14 @@ function single_domain {
 echo "Using staging endpoint - THIS SHOULD BE USED FOR TESTING ONLY"
 ${BASE_COMMAND[@]} --dns-cloudflare --dns-cloudflare-propagation-seconds $PROPOGATION_TIME --dns-cloudflare-credentials /config/.secrets/cloudflare.ini --staging
 # Add to renewal list
- echo "REQUESTS_CA_BUNDLE=$CUSTOM_CA_PATH ${BASE_COMMAND[@]} --dns-cloudflare --dns-cloudflare-propagation-seconds $PROPOGATION_TIME --dns-cloudflare-credentials /config/.secrets/cloudflare.ini --staging" >> /config/renew-list.sh
+ echo "REQUESTS_CA_BUNDLE=$CUSTOM_CA_PATH ${BASE_COMMAND[@]} --dns-cloudflare --dns-cloudflare-propagation-seconds $PROPOGATION_TIME --dns-cloudflare-credentials /config/.secrets/cloudflare.ini --staging" >> /config/.renew-list.sh
 echo "Creation/renewal attempt complete"
 elif [ $STAGING = false ]
 then
 echo "Using production endpoint"
 ${BASE_COMMAND[@]} --dns-cloudflare --dns-cloudflare-propagation-seconds $PROPOGATION_TIME --dns-cloudflare-credentials /config/.secrets/cloudflare.ini
 # Add to renewal list
- echo "REQUESTS_CA_BUNDLE=$CUSTOM_CA_PATH ${BASE_COMMAND[@]} --dns-cloudflare --dns-cloudflare-propagation-seconds $PROPOGATION_TIME --dns-cloudflare-credentials /config/.secrets/cloudflare.ini" >> /config/renew-list.sh
+ echo "REQUESTS_CA_BUNDLE=$CUSTOM_CA_PATH ${BASE_COMMAND[@]} --dns-cloudflare --dns-cloudflare-propagation-seconds $PROPOGATION_TIME --dns-cloudflare-credentials /config/.secrets/cloudflare.ini" >> /config/.renew-list.sh
 echo "Creation/renewal attempt complete"
 else
 echo "Unrecognised option for STAGING variable - check your configuration"
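Review bot: The renamed `echo "REQUESTS_CA_BUNDLE=$CUSTOM_CA_PATH ${BASE_COMMAND[@]} … $PROPOGATION_TIME …" >> /config/.renew-list.sh` lines here, and the matching ones in the two hunks that follow, expand every value unquoted into a script that is executed later, so an element of BASE_COMMAND or a PROPOGATION_TIME containing a space or a shell metacharacter is re-split or re-interpreted when `.renew-list.sh` runs. Emitting the command with `printf '%q '` serialises each word exactly once, e.g. `{ printf 'REQUESTS_CA_BUNDLE=%q ' "$CUSTOM_CA_PATH"; printf '%q ' "${BASE_COMMAND[@]}" --dns-cloudflare --dns-cloudflare-propagation-seconds "$PROPOGATION_TIME" --dns-cloudflare-credentials /config/.secrets/cloudflare.ini --staging; printf '\n'; } >> /config/.renew-list.sh`. BASE_COMMAND is defined outside the hunk, and single_domain continues on both sides of it.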
@@ -142,14 +209,14 @@ function single_domain {
 echo "Using staging endpoint - THIS SHOULD BE USED FOR TESTING ONLY"
 REQUESTS_CA_BUNDLE=$CUSTOM_CA_PATH ${BASE_COMMAND[@]} --standalone --staging
 # Add to renewal list
- echo "REQUESTS_CA_BUNDLE=$CUSTOM_CA_PATH ${BASE_COMMAND[@]} --standalone --staging" >> /config/renew-list.sh
+ echo "REQUESTS_CA_BUNDLE=$CUSTOM_CA_PATH ${BASE_COMMAND[@]} --standalone --staging" >> /config/.renew-list.sh
 echo "Creation/renewal attempt complete"
 elif [ $STAGING = false ]
 then
 echo "Using production endpoint"
 REQUESTS_CA_BUNDLE=$CUSTOM_CA_PATH ${BASE_COMMAND[@]} --standalone
 # Add to renewal list
- echo "REQUESTS_CA_BUNDLE=$CUSTOM_CA_PATH ${BASE_COMMAND[@]} --standalone" >> /config/renew-list.sh
+ echo "REQUESTS_CA_BUNDLE=$CUSTOM_CA_PATH ${BASE_COMMAND[@]} --standalone" >> /config/.renew-list.sh
 echo "Creation/renewal attempt complete"
 else
 echo "Unrecognised option for STAGING variable - check your configuration"
@@ -168,14 +235,14 @@ function single_domain {
 echo "Using staging endpoint - THIS SHOULD BE USED FOR TESTING ONLY"
 REQUESTS_CA_BUNDLE=$CUSTOM_CA_PATH ${BASE_COMMAND[@]} --webroot --webroot-path /config/webroot --staging
 # Add to renewal list
- echo "REQUESTS_CA_BUNDLE=$CUSTOM_CA_PATH ${BASE_COMMAND[@]} --webroot --webroot-path /config/webroot --staging" >> /config/renew-list.sh
+ echo "REQUESTS_CA_BUNDLE=$CUSTOM_CA_PATH ${BASE_COMMAND[@]} --webroot --webroot-path /config/webroot --staging" >> /config/.renew-list.sh
 echo "Creation/renewal attempt complete"
 elif [ $STAGING = false ]
 then
 echo "Using production endpoint"
 REQUESTS_CA_BUNDLE=$CUSTOM_CA_PATH ${BASE_COMMAND[@]} --webroot --webroot-path /config/webroot
 # Add to renewal list
- echo "REQUESTS_CA_BUNDLE=$CUSTOM_CA_PATH ${BASE_COMMAND[@]} --webroot --webroot-path /config/webroot" >> /config/renew-list.sh
+ echo "REQUESTS_CA_BUNDLE=$CUSTOM_CA_PATH ${BASE_COMMAND[@]} --webroot --webroot-path /config/webroot" >> /config/.renew-list.sh
 echo "Creation/renewal attempt complete"
 else
 echo "Unrecognised option for STAGING variable - check your configuration"