diff --git a/lib/remote/apilistener.cpp b/lib/remote/apilistener.cpp
index 031c60cfa..aad862c6f 100644
--- a/lib/remote/apilistener.cpp
+++ b/lib/remote/apilistener.cpp
@@ -235,6 +235,7 @@ void ApiListener::Start(bool runtimeCreated)
 << "'" << GetName() << "' started.";
 SyncLocalZoneDirs();
+ RenewOwnCert();
 ObjectImpl::Start(runtimeCreated);
@@ -285,6 +286,39 @@ void ApiListener::Start(bool runtimeCreated)
 OnMasterChanged(true);
 }
+void ApiListener::RenewOwnCert()
+{
+ if (!Utility::PathExists(GetIcingaCADir() + "/ca.key")) {
+ return;
+ }
+
+ auto certPath (GetDefaultCertPath());
+ auto cert (GetX509Certificate(certPath));
+
+ if (IsCertUptodate(cert)) {
+ return;
+ }
+
+ Log(LogInformation, "ApiListener")
+ << "Our certificate will expire soon, but we own the CA. Renewing.";
+
+ cert = RenewCert(cert);
+
+ if (!cert) {
+ return;
+ }
+
+ std::fstream certfp;
+ auto tempCertPath (Utility::CreateTempFile(certPath + ".XXXXXX", 0644, certfp));
+
+ certfp.exceptions(std::ofstream::failbit | std::ofstream::badbit);
+ certfp << CertificateToString(cert);
+ certfp.close();
+
+ Utility::RenameFile(tempCertPath, certPath);
+ UpdateSSLContext();
+}
+
 void ApiListener::Stop(bool runtimeDeleted)
 {
 ObjectImpl::Stop(runtimeDeleted);
diff --git a/lib/remote/apilistener.hpp b/lib/remote/apilistener.hpp
index e52a3ac5b..960f75431 100644
--- a/lib/remote/apilistener.hpp
+++ b/lib/remote/apilistener.hpp
@@ -222,6 +222,7 @@ private:
 void SyncLocalZoneDirs() const;
 void SyncLocalZoneDir(const Zone::Ptr& zone) const;
+ void RenewOwnCert();
 void SendConfigUpdate(const JsonRpcConnection::Ptr& aclient);
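Review bot: Renewal is attempted only once, at the `RenewOwnCert();` call added to `Start()`. A CA node that stays up past the renewal threshold would therefore keep presenting its old certificate until the next restart, unless a timer outside this diff also calls it. The call also sits before `ObjectImpl::Start(runtimeCreated)`, so anything it throws aborts listener startup even when the current certificate is still valid. If startup-only renewal is intended, say so at the call site, e.g. `// Checked at startup only: a long-running CA node renews its own certificate on the next restart.` The body of `Start()` begins and ends outside this hunk, so any later scheduling is not visible here.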
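Review bot: The failure paths of `RenewOwnCert()` are either silent or fatal to startup. After the "Renewing." message is logged, `if (!cert) { return; }` gives up without any log line, so an operator cannot tell that renewal failed and the old certificate is still in place. On the write path, `certfp.exceptions(...)` turns a failed write into an exception that nothing in this function catches, and `Utility::RenameFile` may presumably throw as well. In both cases the `certPath + ".XXXXXX"` temporary file is left behind and the exception propagates into `Start()`. I would log the failed renewal and wrap the write-and-rename in a try/catch that logs, removes the temporary file and returns, keeping the existing certificate. The sketch below assumes `Utility::Remove` is available in this tree.

```cpp
	// … unchanged: CA key check, IsCertUptodate(), RenewCert() …

	if (!cert) {
		Log(LogWarning, "ApiListener")
			<< "Renewing our own certificate failed, keeping the current one.";
		return;
	}

	std::fstream certfp;
	auto tempCertPath (Utility::CreateTempFile(certPath + ".XXXXXX", 0644, certfp));

	try {
		certfp.exceptions(std::ofstream::failbit | std::ofstream::badbit);
		certfp << CertificateToString(cert);
		certfp.close();

		Utility::RenameFile(tempCertPath, certPath);
	} catch (const std::exception& ex) {
		Log(LogWarning, "ApiListener")
			<< "Cannot store renewed certificate in '" << certPath << "': " << ex.what();
		Utility::Remove(tempCertPath);
		return;
	}

	UpdateSSLContext();
```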