diff --git a/README.md b/README.md
index 659f980..ae95aed 100644
--- a/README.md
+++ b/README.md
@@ -53,6 +53,9 @@ cn: ~
 # subject alt names (list of strings)
 san: []
+
+# services to restart if this certificate changes
+depending_services: []
 ```
 ### Backends
@@ -66,6 +69,7 @@ remainingdays: 28
 # challange type to use, can be:
 # 'dns-01': use the dns challange and a custom power dns backend
+# 'dns-01-manual': use the dns challange and manualy set the dns record
 # 'http-01: use the http challange and deploy the challanges to a webserver
 challange: dns-01
diff --git a/defaults/main.yml b/defaults/main.yml
index 50d4160..f5fe661 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -14,4 +14,5 @@ certificates:
     ou: "cyber"
     cn: ~
     san: []
+    depending_services: []
   certs: {}
diff --git a/tasks/common_post.yml b/tasks/common_post.yml
new file mode 100644
index 0000000..f164cbf
--- /dev/null
+++ b/tasks/common_post.yml
@@ -0,0 +1,7 @@
+- name: restart depending services
+  when:
+    - certchanged
+  loop: "{{ cert.depending_services }}"
+  service:
+    name: "{{ item }}"
+    state: restarted
diff --git a/tasks/letsencrypt_cert.yml b/tasks/letsencrypt_cert.yml
index 5e3ddec..c0bef52 100644
--- a/tasks/letsencrypt_cert.yml
+++ b/tasks/letsencrypt_cert.yml
@@ -1,5 +1,8 @@
 - include_tasks: common_cert.yml
 
+- set_fact:
+    external_challange_type: "{{ map_challange_type_letsencrypt[certificates.backends.letsencrypt.challange]|d(certificates.backends.letsencrypt.challange) }}"
+
 - name: "get challange for {{ certname }}"
   acme_certificate: &acmetask
     force: "{{ task_generate_csr is changed }}"
@@ -11,7 +14,7 @@
     dest: "{{ cert.certpath }}"
     fullchain_dest: "{{ cert.chainpath }}"
     remaining_days: "{{ certificates.backends.letsencrypt.remainingdays }}"
-    challenge: "{{ certificates.backends.letsencrypt.challange }}"
+    challenge: "{{ external_challange_type }}"
     deactivate_authzs: yes
   register: challenge
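Review bot: `when: certchanged` raises an undefined-variable error as soon as common_post.yml is included from a task file that did not run the preceding `set_fact`; in this diff only letsencrypt_cert.yml sets it, but the file name suggests it is meant to be shared by the other backends. Guarding with `when: certchanged | default(false)` and `loop: "{{ cert.depending_services | default([]) }}"` keeps the include safe for other backends and for certificates that omit the new key (whether `cert` already has `certificates.defaults` merged in is not visible here). Also consider whether `state: reloaded` is enough for the services you expect to be listed — a full restart drops live connections, and most TLS frontends pick up a new key and chain on reload.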
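Review bot: The new `- set_fact:` task is unnamed, so play output shows only `set_fact`, and nothing explains why the configured value is translated before it reaches `acme_certificate`; a name such as `name: "map challange type '{{ certificates.backends.letsencrypt.challange }}' to the acme challenge for {{ certname }}"` plus a one-line comment that `dns-01-manual` is a role-level alias for the protocol-level `dns-01` would make the indirection visible. The `|d(...)` fallback means an unknown value is passed through unchanged and rejected by the module's choice validation, which is acceptable, but worth stating in that comment so nobody "fixes" it by adding a silent default.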
@@ -27,6 +30,21 @@
       - "{{ challenge.challenge_data[item.1]['dns-01'].record }}"
       - "{{ challenge.challenge_data[item.1]['dns-01'].resource_value }}"
 
+- name: "setup challenge server for {{ certname }} (manual dns challange)"
+  when:
+    - challenge is changed
+    - certificates.backends.letsencrypt.challange == "dns-01-manual"
+  loop: "{{ challenge.challenge_data_dns|d({})|dict2items }}"
+  debug:
+    msg: "add the following dns record: '{{ item.key }}.': { TXT: '{{ item.value[0] }}' }"
+
+- name: wait for challenges in dns (manual dns challange)
+  pause:
+    prompt: "When the relevant lines were added to dns and synced, press enter"
+  when:
+    - challenge is changed
+    - certificates.backends.letsencrypt.challange == "dns-01-manual"
+
 - name: "setup challenge server for {{ certname }} (http challange)"
   when:
     - challenge is changed
@@ -41,3 +59,8 @@
   acme_certificate:
     <<: *acmetask
     data: "{{ challenge }}"
+
+- set_fact:
+    certchanged: "{{ challenge is changed }}"
+- name: handle postflight
+  include: common_post.yml
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..168ac56
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,3 @@
+map_challange_type_letsencrypt:
+  'dns-01-manual': 'dns-01'
+
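Review bot: `item.value[0]` in the debug message prints only the first TXT value, but `challenge_data_dns` maps each record name to a list precisely because several identities can share one `_acme-challenge` name (an apex name and its wildcard, for example); the operator then adds a single record, the authorization for the other identity fails, and the failure also counts against the ACME failed-validation rate limit. Print every value instead, e.g. `msg: "add the following TXT record(s) for '{{ item.key }}.': {{ item.value | to_json }}"`. The pause task also takes the operator's word that the record has propagated; a DNS lookup of each `item.key` before continuing would catch typos before the CA does, but whether the role's automated dns-01 path already has such a sync check is outside this hunk.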
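Review bot: `certchanged` is derived from the first `acme_certificate` call (the one that only obtains the challenges), not from the second call in this hunk that actually writes `cert.certpath` and `cert.chainpath`, so the restart signal is decoupled from the write it is supposed to track; register the final call and derive the fact from it: `register: cert_result` after `data: "{{ challenge }}"`, then `certchanged: "{{ cert_result is changed }}"`. `include:` has been deprecated for years and is removed in current ansible-core, so use `include_tasks: common_post.yml` like the `include_tasks: common_cert.yml` at the top of the file. Giving the `set_fact` a `name:` would also match the surrounding tasks.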