--- a/base/univention-ssl/gencertificate.py	
+++ a/base/univention-ssl/gencertificate.py	
@@ -36,6 +36,7 @@ 
 from listener import configRegistry, setuid, unsetuid
 import grp
 import os
+import tempfile
 
 import univention.debug as ud
 import subprocess
@@ -159,11 +160,14 @@ def create_certificate(hostname, domainname):
 		ud.debug(ud.LISTENER, ud.INFO,
 				'CERTIFICATE: Creating certificate %s' % hostname)
 
-		cmd = '. /usr/share/univention-ssl/make-certificates.sh;gencert "%s" "%s"' % \
-				(fqdn, fqdn)
-		ret = subprocess.call(cmd, shell=True)
-		if ret:
-			raise Exception("Certificate creation failed.")
+		with tempfile.NamedTemporaryFile() as fd:
+			fd.write('. /usr/share/univention-ssl/make-certificates.sh;gencert "$UCS_FQDN" "$UCS_FQDN"')
+			fd.flush()
+			env = os.environ.copy()
+			env['UCS_FQDN'] = fqdn
+			ret = subprocess.call(['/bin/sh', fd.name], env=env)
+			if ret:
+				raise Exception("Certificate creation failed.")
 
 	# Create symlink
 	try: