diff --git a/data/actionsmap/yunohost.yml b/data/actionsmap/yunohost.yml
index 26543721e..91c5b2aad 100644
--- a/data/actionsmap/yunohost.yml
+++ b/data/actionsmap/yunohost.yml
@@ -1266,7 +1266,7 @@ tools:
 
         ### tools_maindomain()
         maindomain:
-            action_help: Main domain change tool
+            action_help: Check the current main domain, or change it
             api:
                 - GET /domains/main
                 - PUT /domains/main
@@ -1274,12 +1274,9 @@ tools:
                 authenticate: all
                 lock: false
             arguments:
-                -o:
-                    full: --old-domain
-                    extra:
-                        pattern: *pattern_domain
                 -n:
                     full: --new-domain
+                    help: Change the current main domain
                     extra:
                         pattern: *pattern_domain
 
diff --git a/locales/en.json b/locales/en.json
index e44f87778..6d0ec34bd 100644
--- a/locales/en.json
+++ b/locales/en.json
@@ -258,5 +258,6 @@
     "certmanager_hit_rate_limit" :"Too many certificates already issued for exact set of domains {domain:s} recently. Please try again later. See https://letsencrypt.org/docs/rate-limits/ for more details.",
     "certmanager_cert_signing_failed" : "Signing the new certificate failed.",
     "certmanager_no_cert_file" : "Unable to read certificate file for domain {domain:s} (file : {file:s})",
-    "certmanager_conflicting_nginx_file": "Unable to prepare domain for ACME challenge : the nginx configuration file {filepath:s} is conflicting and should be removed first."
+    "certmanager_conflicting_nginx_file": "Unable to prepare domain for ACME challenge : the nginx configuration file {filepath:s} is conflicting and should be removed first.",
+    "domain_cannot_remove_main": "Cannot remove main domain. Set a new main domain first"
 }
diff --git a/src/yunohost/domain.py b/src/yunohost/domain.py
index 415585087..1aeab33ef 100644
--- a/src/yunohost/domain.py
+++ b/src/yunohost/domain.py
@@ -113,6 +113,7 @@ def domain_add(auth, domain, dyndns=False):
                 raise MoulinetteError(errno.EINVAL,
                                       m18n.n('domain_dyndns_root_unknown'))
 
+
     try:
         yunohost.certificate._certificate_install_selfsigned([domain], False)
 
@@ -158,6 +159,10 @@ def domain_remove(auth, domain, force=False):
     if not force and domain not in domain_list(auth)['domains']:
         raise MoulinetteError(errno.EINVAL, m18n.n('domain_unknown'))
 
+    # Check domain is not the main domain
+    if domain == _get_maindomain():
+        raise MoulinetteError(errno.EINVAL, m18n.n('domain_cannot_remove_main'))
+
     # Check if apps are installed on the domain
     for app in os.listdir('/etc/yunohost/apps/'):
         with open('/etc/yunohost/apps/' + app +'/settings.yml') as f:
@@ -284,3 +289,13 @@ def get_public_ip(protocol=4):
         logger.debug('cannot retrieve public IPv%d' % protocol, exc_info=1)
         raise MoulinetteError(errno.ENETUNREACH,
                               m18n.n('no_internet_connection'))
+
+
+def _get_maindomain():
+    with open('/etc/yunohost/current_host', 'r') as f:
+        maindomain = f.readline().rstrip()
+    return maindomain
+
+def _set_maindomain(domain):
+    with open('/etc/yunohost/current_host', 'w') as f:
+        f.write(domain)
diff --git a/src/yunohost/tools.py b/src/yunohost/tools.py
index 475bf9b7f..7cc221683 100644
--- a/src/yunohost/tools.py
+++ b/src/yunohost/tools.py
@@ -39,7 +39,7 @@ import apt.progress
 from moulinette.core import MoulinetteError, init_authenticator
 from moulinette.utils.log import getActionLogger
 from yunohost.app import app_fetchlist, app_info, app_upgrade, app_ssowatconf, app_list
-from yunohost.domain import domain_add, domain_list, get_public_ip
+from yunohost.domain import domain_add, domain_list, get_public_ip, _get_maindomain, _set_maindomain
 from yunohost.dyndns import dyndns_subscribe
 from yunohost.firewall import firewall_upnp
 from yunohost.service import service_status, service_regen_conf, service_log
@@ -125,52 +125,44 @@ def tools_adminpw(auth, new_password):
         logger.success(m18n.n('admin_password_changed'))
 
 
-def tools_maindomain(auth, old_domain=None, new_domain=None, dyndns=False):
+def tools_maindomain(auth, new_domain=None):
     """
-    Main domain change tool
+    Check the current main domain, or change it
 
     Keyword argument:
-        new_domain
-        old_domain
+        new_domain -- The new domain to be set as the main domain
 
     """
-    if not old_domain:
-        with open('/etc/yunohost/current_host', 'r') as f:
-            old_domain = f.readline().rstrip()
-
-        if not new_domain:
-            return { 'current_main_domain': old_domain }
 
+    # If no new domain specified, we return the current main domain
     if not new_domain:
-        raise MoulinetteError(errno.EINVAL, m18n.n('new_domain_required'))
+        return {'current_main_domain': _get_maindomain()}
+
+    # Check domain exists
     if new_domain not in domain_list(auth)['domains']:
-        domain_add(auth, new_domain)
+        raise MoulinetteError(errno.EINVAL, m18n.n('domain_unknown'))
 
-    os.system('rm /etc/ssl/private/yunohost_key.pem')
-    os.system('rm /etc/ssl/certs/yunohost_crt.pem')
+    # Apply changes to ssl certs
+    ssl_key = "/etc/ssl/private/yunohost_key.pem"
+    ssl_crt = "/etc/ssl/private/yunohost_crt.pem"
+    new_ssl_key = "/etc/yunohost/certs/%s/key.pem" % new_domain
+    new_ssl_crt = "/etc/yunohost/certs/%s/crt.pem" % new_domain
 
-    command_list = [
-        'ln -s /etc/yunohost/certs/%s/key.pem /etc/ssl/private/yunohost_key.pem' % new_domain,
-        'ln -s /etc/yunohost/certs/%s/crt.pem /etc/ssl/certs/yunohost_crt.pem'   % new_domain,
-        'echo %s > /etc/yunohost/current_host' % new_domain,
-    ]
+    try:
+        if os.path.exists(ssl_key) or os.path.lexists(ssl_key):
+            os.remove(ssl_key)
+        if os.path.exists(ssl_crt) or os.path.lexists(ssl_crt):
+            os.remove(ssl_crt)
 
-    for command in command_list:
-        if os.system(command) != 0:
-            raise MoulinetteError(errno.EPERM,
-                                  m18n.n('maindomain_change_failed'))
+        os.symlink(new_ssl_key, ssl_key)
+        os.symlink(new_ssl_crt, ssl_crt)
 
-    if dyndns and len(new_domain.split('.')) >= 3:
-        try:
-            r = requests.get('https://dyndns.yunohost.org/domains')
-        except requests.ConnectionError:
-            pass
-        else:
-            dyndomains = json.loads(r.text)
-            dyndomain  = '.'.join(new_domain.split('.')[1:])
-            if dyndomain in dyndomains:
-                dyndns_subscribe(domain=new_domain)
+        _set_maindomain(new_domain)
+    except Exception as e:
+        logger.warning("%s" % e, exc_info=1)
+        raise MoulinetteError(errno.EPERM, m18n.n('maindomain_change_failed'))
 
+    # Regen configurations
     try:
         with open('/etc/yunohost/installed', 'r') as f:
             service_regen_conf()
@@ -285,7 +277,8 @@ def tools_postinstall(domain, password, ignore_dyndns=False):
                                   m18n.n('yunohost_ca_creation_failed'))
 
     # New domain config
-    tools_maindomain(auth, old_domain='yunohost.org', new_domain=domain, dyndns=dyndns)
+    domain_add(auth, domain, dyndns)
+    tools_maindomain(auth, domain)
 
     # Generate SSOwat configuration file
     app_ssowatconf(auth)