diff --git a/.gitignore b/.gitignore
index 83c1a2fc..4647aeb5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -26,6 +26,10 @@ debian/alternc-upnp.substvars
 debian/alternc.debhelper.log
 debian/alternc.postrm.debhelper
 debian/alternc.substvars
+debian/alternc-ssl
+debian/alternc-ssl.debhelper.log
+debian/alternc-ssl.postrm.debhelper
+debian/alternc-ssl.substvars
 debian/files
 lang/de_DE.po
 lang/es_ES.po
diff --git a/ssl/Makefile b/ssl/Makefile
index 2a1a9539..939dbd75 100755
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -22,7 +22,7 @@ install:
 	install -m 0755 -g root -o root update_ssl.php $(DESTDIR)/usr/lib/alternc/
 # incron
 	install -m 0755 -g root -o root ssl_alias_manager.sh $(DESTDIR)/usr/lib/alternc/
-	install -m 0644 -g root -o root 
+	install -m 0644 -g root -o root alternc-ssl.incron.d $(DESTDIR)/etc/incron.d/
 
 	install -m 0644 -g 1999 -o root panel/class/m_ssl.php $(DESTDIR)/usr/share/alternc/panel/class/
 	install -m 0644 -g 1999 -o root panel/admin/*.php $(DESTDIR)/usr/share/alternc/panel/admin/
diff --git a/ssl/alternc-ssl.incron.d b/ssl/alternc-ssl.incron.d
new file mode 100644
index 00000000..a58c9478
--- /dev/null
+++ b/ssl/alternc-ssl.incron.d
@@ -0,0 +1 @@
+/var/run/alternc/generate_certif_alias IN_CREATE,IN_ATTRIB,IN_NO_LOOP /usr/lib/alternc/ssl_alias_manager.sh
diff --git a/ssl/panel/class/m_ssl.php b/ssl/panel/class/m_ssl.php
index 28377def..7121fb3e 100644
--- a/ssl/panel/class/m_ssl.php
+++ b/ssl/panel/class/m_ssl.php
@@ -42,6 +42,7 @@ class m_ssl {
   const FILTER_EXPIRED = 4;
   const FILTER_SHARED = 8;
 
+  const SSL_INCRON_FILE = "/var/run/alternc/generate_certif_alias";
 
   /* ----------------------------------------------------------------- */
   /**
@@ -424,7 +425,7 @@ class m_ssl {
       return false;
     }
     $db->query("INSERT INTO certif_alias SET name='".addslashes($name)."', value='".addslashes($value)."', uid=".intval($cuid).";");
-    touch("/tmp/generate_certif_alias");
+    touch(self::SSL_INCRON_FILE);
     return true;
   }
 
@@ -444,7 +445,7 @@ class m_ssl {
       return false;
     }
     $db->query("DELETE FROM certif_alias WHERE name='".addslashes($name)."' AND uid=".intval($cuid).";");
-    touch("/tmp/generate_certif_alias");
+    touch(self::SSL_INCRON_FILE);
     return true;
   }
 
diff --git a/ssl/ssl_alias_manager.sh b/ssl/ssl_alias_manager.sh
index ba20414d..9f2d9921 100644
--- a/ssl/ssl_alias_manager.sh
+++ b/ssl/ssl_alias_manager.sh
@@ -1,7 +1,10 @@
 #!/bin/bash
 
+rm -f /var/run/alternc/generate_certif_alias
+
 # Launched by incron when /tmp/generate_certif_alias exists
 # regenerate the list of global aliases used by Comodo for certificate ownership validation
+# FIXME: how do we lock that, ensuring we don't launch this more than once ?
 APACHECONF=/etc/apache2/conf.d/alternc-ssl_cert-alias.conf
 TMP=/tmp/alternc-ssl_cert-alias_${$}.tmp
 FILEDIR=/var/lib/alternc/ssl-cert-alias