diff --git a/files/certbot-renewal.sh b/files/certbot-renewal.sh
index f035826..3e9bd99 100644
--- a/files/certbot-renewal.sh
+++ b/files/certbot-renewal.sh
@@ -1,10 +1,25 @@
 #! /bin/bash
+#should probably add logic to only halt/reload once (and only if necessary)
+function halt() {
+    #stop services if necessary
+    if [ -d /var/lib/ipa/ ]
+        #stop httpd
+        systemctl stop httpd
+    fi
+}
 function reload() {
     #reload/restart relevant services
     if [ -d /etc/nginx/certs/ ]
     then
         systemctl reload nginx
     fi
+    if [ -d /var/lib/ipa/ ]
+        #restart httpd
+        /scripts/install_cacerts.sh
+        systemctl start httpd
+        #load cert
+    fi
+
 }
 
 dom=`date +%d`
@@ -21,6 +36,7 @@ do
     if [[ $today > $expires ]]
     then
         echo Certificate for $f is expired, renewing >> $log
+        halt()
         certbot renew --cert-name $f >> /var/log/certbot-renewal.log
         reload()
         continue
@@ -34,6 +50,7 @@ do
         if [[ $dom -eq $rdate ]]
         then
             echo Date falls within renewal window for $f, attempting renewal >> $log
+            halt()
             certbot renew --cert-name $f >> $log
             reload()
             break