diff --git a/net/acme-common/files/acme.init b/net/acme-common/files/acme.init
index 4f1a8f4d6..d577bfaf5 100644
--- a/net/acme-common/files/acme.init
+++ b/net/acme-common/files/acme.init
@@ -12,6 +12,8 @@ LOG_TAG=acme
 # shellcheck source=net/acme/files/functions.sh
 . "$IPKG_INSTROOT/usr/lib/acme/functions.sh"
 
+extra_command "renew" "Start a certificate renew"
+
 cleanup() {
 	log debug "cleaning up"
 	if [ -e $run_dir/lock ]; then
@@ -140,6 +142,23 @@ load_globals() {
 
 start_service() {
 	mkdir -p $run_dir
+	mkdir -p "$CHALLENGE_DIR"
+
+	grep -q '/etc/init.d/acme' /etc/crontabs/root 2>/dev/null || {
+		echo "0 0 * * * /etc/init.d/acme renew" >>/etc/crontabs/root
+	}
+}
+
+service_started() {
+	echo "Certificate renewal enabled via cron. To renew now, run '/etc/init.d/acme renew'."
+}
+
+service_triggers() {
+	procd_add_config_trigger config.change acme \
+		/etc/init.d/acme renew
+}
+
+renew() {
 	exec 200>$run_dir/lock
 	if ! flock -n 200; then
 		log err "Another ACME instance is already running."
@@ -153,13 +172,3 @@ start_service() {
 
 	config_foreach get_cert cert
 }
-
-service_triggers() {
-	procd_add_config_trigger config.change acme \
-		/etc/init.d/acme start
-}
-
-boot() {
-        mkdir -p "$CHALLENGE_DIR"
-        return 0
-}
diff --git a/net/acme-common/files/acme.uci-defaults b/net/acme-common/files/acme.uci-defaults
index d6c51604a..bf1bcb10f 100644
--- a/net/acme-common/files/acme.uci-defaults
+++ b/net/acme-common/files/acme.uci-defaults
@@ -53,5 +53,9 @@ config_load acme
 config_foreach handle_cert cert
 uci_commit
 
-grep -q '/etc/init.d/acme' /etc/crontabs/root 2>/dev/null && exit 0
-echo "0 0 * * * /etc/init.d/acme start" >>/etc/crontabs/root
+# Migrate '/etc/init.d/acme start' to '/etc/init.d/acme renew'
+grep -q '/etc/init.d/acme start' /etc/crontabs/root 2>/dev/null && {
+	echo "0 0 * * * /etc/init.d/acme renew" >>/etc/crontabs/root
+}
+
+exit 0