diff --git a/README.md b/README.md
index 0f740837..ed628d9e 100644
--- a/README.md
+++ b/README.md
@@ -1573,7 +1573,7 @@ cors can be configured with `--acao` and `--acam`, or the protections entirely d
 
 you can hash passwords  before putting them into config files / providing them as arguments; see `--help-pwhash` for all the details
 
-basically, specify `--ah-alg argon2` to enable the feature and it will print the hashed passwords on startup so you can replace the plaintext ones
+`--ah-alg argon2` enables it, and if you have any plaintext passwords then it'll print the hashed versions on startup so you can replace them
 
 optionally also specify `--ah-cli` to enter an interactive mode where it will hash passwords without ever writing the plaintext ones to disk
 
diff --git a/copyparty/__main__.py b/copyparty/__main__.py
index bdd581ec..3bc0edfc 100755
--- a/copyparty/__main__.py
+++ b/copyparty/__main__.py
@@ -774,6 +774,7 @@ def add_cert(ap, cert_path):
     ap2.add_argument("--crt-exact", action="store_true", help="do not add wildcard entries for each --crt-ns")
     ap2.add_argument("--crt-noip", action="store_true", help="do not add autodetected IP addresses into cert")
     ap2.add_argument("--crt-nolo", action="store_true", help="do not add 127.0.0.1 / localhost into cert")
+    ap2.add_argument("--crt-nohn", action="store_true", help="do not add mDNS names / hostname into cert")
     ap2.add_argument("--crt-dir", metavar="PATH", default=cert_dir, help="where to save the CA cert")
     ap2.add_argument("--crt-cdays", metavar="D", type=float, default=3650, help="ca-certificate expiration time in days")
     ap2.add_argument("--crt-sdays", metavar="D", type=float, default=365, help="server-cert expiration time in days")
diff --git a/copyparty/cert.py b/copyparty/cert.py
index 59c64563..c5e1d28f 100644
--- a/copyparty/cert.py
+++ b/copyparty/cert.py
@@ -121,6 +121,9 @@ def _gen_srv(log: "RootLogger", args, netdevs: dict[str, Netdev]):
             names.append(ip.split("/")[0])
     if args.crt_nolo:
         names = [x for x in names if x not in ("localhost", "127.0.0.1", "::1")]
+    if not args.crt_nohn:
+        names.append(args.name)
+        names.append(args.name + ".local")
     if not names:
         names = ["127.0.0.1"]
     if "127.0.0.1" in names or "::1" in names: