diff --git a/bureau/class/m_ssl.php b/bureau/class/m_ssl.php index 96fef790..508ba3d2 100644 --- a/bureau/class/m_ssl.php +++ b/bureau/class/m_ssl.php @@ -133,6 +133,7 @@ class m_ssl { } $dom->unlock(); $this->last_certificate_id=$maxid; + variable_set('last_certificate_id',$this->last_certificate_id); } } @@ -177,7 +178,7 @@ class m_ssl { * set the correct permissions * try to minimize zero-file-size risk or timing attack */ - function copycert($target,$id) { + private function copycert($target,$id) { global $db; $db->query("SELECT * FROM certificate WHERE id=?",array($id)); if (!$db->next_record()) return false; diff --git a/install/upgrades/3.5.0.1.sql b/install/upgrades/3.5.0.1.sql index f5da9c0f..4044a77d 100644 --- a/install/upgrades/3.5.0.1.sql +++ b/install/upgrades/3.5.0.1.sql @@ -60,6 +60,7 @@ UPDATE variable DELETE FROM variable WHERE name IN ( 'mail_human_imaps','mail_human_pop3','mail_human_pop3s', - 'mail_human_smtps','mail_human_submission' + 'mail_human_smtps','mail_human_submission', 'mail_human_imap', 'mail_human_smtp', + 'ftp_human_name' ); diff --git a/src/reload-certs b/src/reload-certs new file mode 100644 index 00000000..d29e8a2a --- /dev/null +++ b/src/reload-certs 
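Review bot: The added `variable_set('last_certificate_id',$this->last_certificate_id);` sits after `$dom->unlock();`, so the stored high-water mark is written outside whatever that lock protects. If the lock is what serialises certificate runs (not visible here), an overlapping run could interleave with this write; src/reload-certs in this same commit resets the variable to 0. Moving the call to just above `$dom->unlock();` would keep the in-memory and stored values consistent under the lock. The enclosing method starts outside the hunk, so the lock's scope should be confirmed there.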
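Review bot: Narrowing `copycert` to `private` breaks any caller outside `m_ssl`, and nothing in this diff shows that none exist; check the panel code and the scripts under src/ before merging. The docblock above the signature describes the permission handling but not the result, so it could also state that the method returns false when no certificate row matches `$id`, which the visible `if (!$db->next_record()) return false;` establishes. The function body continues past the end of the hunk.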
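Review bot: Editing install/upgrades/3.5.0.1.sql in place only reaches installations that have not yet applied this upgrade file. If 3.5.0.1 has already shipped (not determinable from this diff), existing panels will keep the `mail_human_imap`, `mail_human_smtp` and `ftp_human_name` rows, and the three names belong in the next upgrade script instead. The statement itself is a fixed list of literals, so there is no quoting concern.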
@@ -0,0 +1,37 @@ +#!/usr/bin/php + + system services WILL BE RELOADED +*/ + +// Bootstrap +require_once("/usr/share/alternc/panel/class/config_nochk.php"); + +if (!isset($ssl)) { + echo "OUPS: reload-certs launched, but ssl module not installed, exiting\n"; + exit(); +} + +if (posix_getuid()!=0) { + echo "This script MUST be launched as root, it should be able to overwrite files in /etc/ssl/private\n"; + exit(-1); +} + +// force reloading all valid certificates in the proper vhosts : +variable_set('last_certificate_id',0); + +$ssl->cron_new_certs(); + +// forcibly reload all services (new certificates may apply) +$services=array("postfix","dovecot","proftpd","apache2"); + +foreach($services as $service) { + echo "Reloading $service\n"; + passthru("service $service reload"); + echo "Done...\n"; +} + diff --git a/src/update_certs.sh b/src/update_certs.sh index ff6e0d85..f5030d0b 100755 --- a/src/update_certs.sh +++ b/src/update_certs.sh @@ -29,6 +29,12 @@ if (!isset($argv[1])) { echo "FATAL: must be launched from functions_hosting.sh !\n"; exit(); } + +if (posix_getuid()!=0) { + echo "This script MUST be launched as root, it should be able to overwrite files in /etc/ssl/private\n"; + exit(-1); +} + if ( ($argv[1]=="create" || $argv[1]=="postinst" || $argv[1]=="delete") ) { if (count($argv)<5) { echo "FATAL: create/postinst/delete need 4 parameters: type domain mail value\n";
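Review bot: The reload loop prints "Done..." whatever happens, because the result code of `passthru("service $service reload")` is never read. A service that fails to reload, or is not installed on this host, would presumably keep serving the previous certificate while the operator sees success. Capture the code through passthru's second argument, report each failure, and exit non-zero when any reload failed, as sketched below. Separately, the root check here and the identical one added to src/update_certs.sh test `posix_getuid()`; the effective id decides whether /etc/ssl/private is writable, so `posix_geteuid()!=0` is the more accurate test.

```php
// … unchanged: bootstrap, ssl module check, root check, cron_new_certs(), $services list …
$failed = false;
foreach($services as $service) {
    echo "Reloading $service\n";
    $rc = 0;
    passthru("service $service reload", $rc);
    if ($rc !== 0) {
        echo "FAILED: $service reload exited with code $rc\n";
        $failed = true;
    } else {
        echo "Done...\n";
    }
}
exit($failed ? 1 : 0);
```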
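Review bot: The new root check does not follow the convention of the checks around it in this hunk, which prefix their messages with `FATAL:`; anything that scans this script's output for that prefix (an assumption, the caller is not shown) would miss a privilege failure. Suggested wording: `echo "FATAL: must be launched as root, it should be able to overwrite files in /etc/ssl/private\n";`. The exit paths also disagree: the neighbouring argv check calls `exit()` (status 0) while this one uses `exit(-1)`, which the shell sees as 255; `exit(1)` is the conventional failure status.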