diff --git a/docs/usage.rst b/docs/usage.rst index 032f4b28304eb02cbecbf7e8a8416b64d2ef7392..fa2a2c5ccc6936500958ed068fdbfe8439669ba8 100644 --- a/docs/usage.rst +++ b/docs/usage.rst @@ -214,21 +214,12 @@ Key usage and extended key usage in certificate are set typical TLS server use (e.g. *digital signature* + *key encipherment* for KU, and *TLS WWW server authentication* for EKU). -Rerunning the command will not overwrite existing data. However, if -you made a mistake with additional DNS subject alternative names, you -can easily fix this with the ``--update-dns-names`` option:: - - # Replace existing additional names. - gimmecert server --update-dns-names myserver correctname.example.com - - # Remove additional names altogether. - gimmecert server --update-dns-names myserver +Rerunning the command will not overwrite existing data. -The ``--update-dns-command`` will keep the private key intact - only -the certificate will be renewed. If you haven't issued any certificate -for this server entity before, though, the option is ignored, and the -command behaves as if it was not specified (so you still get a private -key and certificate). +.. note:: + For changing the list of additional subject alternative names + included in already issued server certificates, see the + ``--update-dns-names`` option in the ``gimmecert renew`` command. In addition to generating a private key, it is also possible to pass-in a certificate signing request (CSR). If specified path is a @@ -319,11 +310,6 @@ The command will: - Overwrite the existing certificate with a new one. - Show information where the artifacts can be grabbed from. -.. note:: - For changing the list of additional subject alternative names - included in server certificates, see the ``--update-dns-names`` for - the ``gimmecert server`` command. - To also generate a new private key during renewal, use the ``--new-private-key`` or ``-p`` option. For example:: 
@@ -339,6 +325,19 @@ example:: gimmecert renew --csr - server myserver < /tmp/myserver.csr.pem gimmecert renew --csr - client myclient +If you initially made a mistake when providing additional DNS subject +alternative names for a server certificate, you can easily fix this +with the ``--update-dns-names`` or ``-u`` option:: + + # Replace existing additional names with just one name. + gimmecert renew server --update-dns-names "correctname.example.com" myserver + + # Replace existing additional names with mutliple names. + gimmecert renew server --update-dns-names "correctname1.example.com,correctname2.example.com" myserver + + # Remove additional names altogether. + gimmecert renew server --update-dns-names "" myserver + Getting information about CA hierarchy and issued certificates -------------------------------------------------------------- diff --git a/gimmecert/cli.py b/gimmecert/cli.py index c942aad4f9b0d086c4ea7e8653a60a268c1772c7..ea0612a2f09d1c2d7454291982050caa9573996b 100644 --- a/gimmecert/cli.py +++ b/gimmecert/cli.py 
@@ -57,16 +57,16 @@ Examples: # Issue a TLS client certificate by using public key from the CSR (naming/extensions are ignored). gimmecert client myclient --csr /tmp/myclient.csr.pem - # Renew a TLS server certificate with updated DNS subject alternative names. Keeps the private key if any. + # Renew a TLS server certificate, preserving naming and private key. + gimmecert renew server myserver + + # Renew a TLS server certificate, replacing the extra DNS names, but keeping the private key. gimmecert server myserver wrongdns.local - gimmecert server --update-dns-names myserver correctdns1.local correctdns2.local + gimmecert renew server myserver --update-dns-names "correctdns1.local,correctdns2.local" - # Renew a TLS server certificate removing extra DNS subject alternative names. Keeps the private key if any. + # Renew a TLS server certificate, removing extra DNS subject alternative names, but keeping the private key. gimmecert server myserver dontneedthisname.local - gimmecert server myserver --update-dns-names - - # Renew a TLS server certificate, preserving naming and private key. - gimmecert renew server myserver + gimmecert renew server myserver --update-dns-names "" # Renew a TLS client certificate, preserving naming and private key. gimmecert renew client myclient
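Review bot: The two `--update-dns-names` examples added to the help text put the option after the entity name (`gimmecert renew server myserver --update-dns-names "..."`), while the docs/usage.rst hunk in this same commit puts it before (`gimmecert renew server --update-dns-names "..." myserver`); use one order in both places so a copied command reads the same wherever it is found. The comment on the first example should also say that the supplied list replaces the stored names rather than extending them, since a renewal that passes a single name would drop every other SAN the certificate previously covered: `# Renew a TLS server certificate, replacing (not extending) the extra DNS names, but keeping the private key.`. The `-u` short form that the docs mention is not shown here. The enclosing help string starts and ends outside the hunk, so this is based on the visible examples only.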