diff --git a/data/hooks/conf_regen/12-metronome b/data/hooks/conf_regen/12-metronome
index 0cfb42fd4..5c9c67f11 100755
--- a/data/hooks/conf_regen/12-metronome
+++ b/data/hooks/conf_regen/12-metronome
@@ -42,16 +42,18 @@ do_post_regen() {
   regen_conf_files=$1
 
   # retrieve variables
+  main_domain=$(cat /etc/yunohost/current_host)
   domain_list=$(yunohost domain list --output-as plain --quiet)
 
   # create metronome directories for domains
   for domain in $domain_list; do
     mkdir -p "/var/lib/metronome/${domain//./%2e}/pep"
-    # http_upload directory must be writable by metronome and readable by nginx
-    mkdir -p  "/var/xmpp-upload/${domain}/upload"
-    chmod g+s "/var/xmpp-upload/${domain}/upload"
-    chown -R metronome:www-data "/var/xmpp-upload/${domain}"
   done
+  # http_upload directory must be writable by metronome and readable by nginx
+  mkdir -p  "/var/xmpp-upload/${main_domain}/upload"
+  chmod g+s "/var/xmpp-upload/${main_domain}/upload"
+  chown -R metronome:www-data "/var/xmpp-upload/${main_domain}"
+
 
   # fix some permissions
   chown -R metronome: /var/lib/metronome/
diff --git a/src/yunohost/certificate.py b/src/yunohost/certificate.py
index e49db9733..31a4c1200 100644
--- a/src/yunohost/certificate.py
+++ b/src/yunohost/certificate.py
@@ -43,6 +43,7 @@ from yunohost.utils.network import get_public_ip
 
 from moulinette import m18n
 from yunohost.app import app_ssowatconf
+from yunohost.domain import _get_maindomain
 from yunohost.service import _run_service_command
 from yunohost.regenconf import regen_conf
 from yunohost.log import OperationLogger
@@ -639,14 +640,15 @@ def _prepare_certificate_signing_request(domain, key_file, output_folder):
     # Set the domain
     csr.get_subject().CN = domain
 
-    # Include xmpp-upload subdomain in subject alternate names
-    subdomain="xmpp-upload." + domain
-    try:
-        _check_domain_is_ready_for_ACME(subdomain)
-        logger.info("Subdmain {} is ready for ACME and will be included in the certificate.".format(subdomain))
-        csr.add_extensions([crypto.X509Extension("subjectAltName", False, "DNS:" + subdomain)])
-    except YunohostError:
-        logger.warning(m18n.n('certmanager_warning_subdomain_dns_record', subdomain=subdomain, domain=domain))
+    if domain == _get_maindomain():
+        # Include xmpp-upload subdomain in subject alternate names
+        subdomain="xmpp-upload." + domain
+        try:
+            _check_domain_is_ready_for_ACME(subdomain)
+            logger.info("Subdmain {} is ready for ACME and will be included in the certificate.".format(subdomain))
+            csr.add_extensions([crypto.X509Extension("subjectAltName", False, "DNS:" + subdomain)])
+        except YunohostError:
+            logger.warning(m18n.n('certmanager_warning_subdomain_dns_record', subdomain=subdomain, domain=domain))
 
     # Set the key
     with open(key_file, 'rt') as f: