diff --git a/internal/server/acme/lego.go b/internal/server/acme/lego.go
index 290b6a4..4a7ab89 100644
--- a/internal/server/acme/lego.go
+++ b/internal/server/acme/lego.go
@@ -3,6 +3,7 @@ package acme
 import (
 	"errors"
 	"fmt"
+	"regexp"
 
 	"github.com/go-acme/lego/v4/certificate"
 	"github.com/go-acme/lego/v4/challenge"
@@ -16,6 +17,9 @@ import (
 
 const DnsProviderRoute53 = "route53"
 
+// removes double line breaks
+var lineBreaksRegex = regexp.MustCompile(`(\r\n?|\n){2,}`)
+
 type GoLego struct {
 	client *lego.Client
 }
@@ -159,9 +163,14 @@ func fromLego(other *certificate.Resource) certstorage.AcmeCertificate {
 		Domain:            other.Domain,
 		CertURL:           other.CertURL,
 		CertStableURL:     other.CertStableURL,
-		PrivateKey:        other.PrivateKey,
-		Certificate:       other.Certificate,
-		IssuerCertificate: other.IssuerCertificate,
-		CSR:               other.CSR,
+		PrivateKey:        fixLineBreaks(other.PrivateKey),
+		Certificate:       fixLineBreaks(other.Certificate),
+		IssuerCertificate: fixLineBreaks(other.IssuerCertificate),
+		CSR:               fixLineBreaks(other.CSR),
 	}
 }
+
+func fixLineBreaks(input []byte) (ret []byte) {
+	ret = []byte(lineBreaksRegex.ReplaceAll(input, []byte("$1")))
+	return
+}
diff --git a/internal/server/acme/lego_test.go b/internal/server/acme/lego_test.go
new file mode 100644
index 0000000..91df029
--- /dev/null
+++ b/internal/server/acme/lego_test.go
@@ -0,0 +1,30 @@
+package acme
+
+import (
+	"reflect"
+	"testing"
+)
+
+func Test_fixLineBreaks(t *testing.T) {
+	cert := []byte(`-----BEGIN CERTIFICATE-----
+example data
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+more example data
+-----END CERTIFICATE-----
+
+`)
+	wanted := []byte(`-----BEGIN CERTIFICATE-----
+example data
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+more example data
+-----END CERTIFICATE-----
+`)
+
+	got := fixLineBreaks(cert)
+	if !reflect.DeepEqual(got, wanted) {
+		t.Errorf("Expected %s, got %s", string(wanted), string(got))
+	}
+}