diff --git a/data/hooks/conf_regen/02-ssl b/data/hooks/conf_regen/02-ssl
index 555ef3cf8..ab4280af9 100755
--- a/data/hooks/conf_regen/02-ssl
+++ b/data/hooks/conf_regen/02-ssl
@@ -24,7 +24,7 @@ do_init_regen() {
 # initialize some files
 [[ -f "${ssl_dir}/serial" ]] \
- || echo "00" > "${ssl_dir}/serial"
+ || openssl rand -hex 19 > "${ssl_dir}/serial"
 [[ -f "${ssl_dir}/index.txt" ]] \
 || touch "${ssl_dir}/index.txt"
diff --git a/data/templates/ssl/openssl.cnf b/data/templates/ssl/openssl.cnf
index ac8c422e3..fa5d19fa3 100644
--- a/data/templates/ssl/openssl.cnf
+++ b/data/templates/ssl/openssl.cnf
@@ -43,7 +43,7 @@ unique_subject = no # Set to 'no' to allow creation of
 new_certs_dir = $dir/newcerts # default place for new certs.
 certificate = $dir/ca/cacert.pem # The CA certificate
-#serial = $dir/serial # The current serial number
+serial = $dir/serial # The current serial number
 #crlnumber = $dir/crlnumber # the current crl number
 # must be commented out to leave a V1 CRL
 crl = $dir/crl.pem # The current CRL
diff --git a/src/yunohost/tools.py b/src/yunohost/tools.py
index 2817a3057..271947b3d 100644
--- a/src/yunohost/tools.py
+++ b/src/yunohost/tools.py
@@ -383,6 +383,8 @@ def tools_postinstall(operation_logger, domain, password, ignore_dyndns=False,
 # Create SSL CA
 service_regen_conf(['ssl'], force=True)
 ssl_dir = '/usr/share/yunohost/yunohost-config/ssl/yunoCA'
+ # (Update the serial so that it's specific to this very instance)
+ os.system("openssl rand -hex 19 > %s/serial" % ssl_dir)
 commands = [
 'rm %s/index.txt' % ssl_dir,
 'touch %s/index.txt' % ssl_dir,
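Review bot: If `openssl rand` exits non-zero on the added line (binary missing, or any other failure), the redirection has already truncated `${ssl_dir}/serial` to an empty file, and because the `[[ -f ... ]]` guard only tests existence, every later run skips initialization while `openssl ca` — which now reads that file since `serial = $dir/serial` is uncommented in the openssl.cnf hunk — is left with an unparsable serial. Generate the value before touching the file so it is only written on success: `|| { serial=$(openssl rand -hex 19) && echo "$serial" > "${ssl_dir}/serial"; }`. The same `-f` guard means instances that already ran this hook keep their fixed `00` serial; presumably a separate migration is meant to cover those, which this change does not include. `do_init_regen` continues outside the hunk.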
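Review bot: The return value of `os.system(...)` on the added line is discarded, so a failing `openssl rand` goes unnoticed while the shell redirection still truncates `%s/serial` to an empty file, and the CA operations later in `tools_postinstall` would then fail on an unreadable serial. Capturing the output and writing it from Python leaves nothing half-done on failure: `serial = subprocess.check_output(["openssl", "rand", "-hex", "19"])`, `with open(os.path.join(ssl_dir, "serial"), "wb") as f:`, `f.write(serial)` — this needs `subprocess` in scope, which is not visible in the hunk. Hex-encoding `os.urandom(19)` would give an equivalent value without spawning a process at all, if the project prefers that. `tools_postinstall` starts and continues outside the hunk.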