diff --git a/base/univention-ssl/gencertificate.py b/base/univention-ssl/gencertificate.py
index b56ba7a..d454bf3 100644
--- a/base/univention-ssl/gencertificate.py
+++ b/base/univention-ssl/gencertificate.py
@@ -159,11 +159,14 @@ def create_certificate(hostname, domainname):
 		ud.debug(ud.LISTENER, ud.INFO,
 				'CERTIFICATE: Creating certificate %s' % hostname)
 
-		cmd = '. /usr/share/univention-ssl/make-certificates.sh;gencert "%s" "%s"' % \
-				(fqdn, fqdn)
-		ret = subprocess.call(cmd, shell=True)
-		if ret:
-			raise Exception("Certificate creation failed.")
+		with tempfile.NamedTemporaryFile() as fd:
+			fd.write('. /usr/share/univention-ssl/make-certificates.sh;gencert "$UCS_FQDN" "$UCS_FQDN"')
+			fd.flush()
+			env = os.environ.copy()
+			env['UCS_FQDN'] = fqdn
+			ret = subprocess.call(['/bin/sh', fd.name])
+			if ret:
+				raise Exception("Certificate creation failed.")
 
 	# Create symlink
 	try: