diff --git a/CHANGELOG b/CHANGELOG index 7723bff..538bd51 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,9 +1,12 @@ +2015-12-18 Release 0.1.3 +- bugfix: using multiple pem-files failed. Tests added. + 2015-12-18 Release 0.1.2 - relax too-strict validation of strings containing keys and certificates 2015-12-11 Release 0.1.1 - fix versioned dependency on puppetlabs-stdlib in metadata - fix documentation errors and nits 2015-12-11 Release 0.1.0 - initial release diff --git a/manifests/domain.pp b/manifests/domain.pp index f57d6c8..0db3373 100644 --- a/manifests/domain.pp +++ b/manifests/domain.pp 
@@ -1,123 +1,123 @@ # == Define hitch::domain # # This define installs pem files to the config root, and configures # them in the hitch config file # define hitch::domain ( $ensure = present, $cacert_content = undef, $cacert_source = undef, $cert_content = undef, $cert_source = undef, $dhparams_content = undef, $dhparams_source = undef, $key_content = undef, $key_source = undef, ) { # Parameter validation validate_re($ensure, ['^present$', '^absent$']) # Exactly one of $key_source and $key_content if ($key_content and $key_source) or (! $key_content and ! $key_source) { fail("Hitch::Domain[${title}]: Please provide key_source or key_domain") } if $key_content { validate_re($key_content, 'PRIVATE KEY') } # Exactly one of $cert_content and $cert_source if ($cert_content and $cert_source) or (!$cert_content and !$cert_source) { fail("Hitch::Domain[${title}]: Please provide cert_source or cert_domain") } if $cert_content { validate_re($cert_content, 'CERTIFICATE') } # One or zero of $cacert_content or $cacert_source if ($cacert_content and $cacert_source) { fail("Hitch::Domain[${title}]: Please do not specify both cacert_source and cacert_domain") } if $cacert_content { validate_re($cacert_content, 'CERTIFICATE') } # One of $dhparams_content or $dhparams_source, with fallback to # $::hitch::dhparams_file if ($dhparams_content and $dhparams_source) { fail("Hitch::Domain[${title}]: Please do not specify both dhparams_source and dhparams_domain") } if $dhparams_content { validate_re($dhparams_content, 'DH PARAMETERS') } include ::hitch include ::hitch::config $config_file = $::hitch::config_file validate_absolute_path($config_file) $pem_file="${::hitch::config_root}/${title}.pem" validate_absolute_path($pem_file) # Add a line to the hitch config file concat::fragment { "hitch::domain ${title}": target => $config_file, - content => "pem-file = \"${pem_file}\"", + content => "pem-file = \"${pem_file}\"\n", } # Create the pem file, with (optional) ca certificate chain, a # 
certificate, a key, and finally the dh parameters concat { $pem_file: ensure => $ensure, mode => '0640', owner => $::hitch::file_owner, group => $::hitch::group, } if ($cacert_content or $cacert_source) { concat::fragment {"${title} cacert": content => $cacert_content, source => $cacert_source, target => $pem_file, order => '01', } } concat::fragment {"${title} cert": content => $cert_content, source => $cert_source, target => $pem_file, order => '02', } concat::fragment {"${title} key": content => $key_content, source => $key_source, target => $pem_file, order => '03', } if ! $dhparams_content { if $dhparams_source { $_dhparams_source = $dhparams_source } else { $_dhparams_source = $::hitch::dhparams_file File[$::hitch::dhparams_file] -> Concat::Fragment["${title} dhparams"] } } if ($dhparams_content or $_dhparams_source) { concat::fragment {"${title} dhparams": content => $dhparams_content, source => $_dhparams_source, target => $pem_file, order => '04', } } } diff --git a/metadata.json b/metadata.json index 31db9df..473636c 100644 --- a/metadata.json +++ b/metadata.json @@ -1,34 +1,34 @@ { "name": "ssm-hitch", - "version": "0.1.2", + "version": "0.1.3", "author": "ssm", "summary": "Install and configure Hitch TLS proxy", "license": "Apache-2.0", "source": "https://github.com/ssm/ssm-hitch.git", "project_page": "https://github.com/ssm/ssm-hitch", "issues_url": "https://github.com/ssm/ssm-hitch/issues", "dependencies": [ { "name": "puppetlabs-stdlib", "version_requirement": ">= 4.0.0" }, { "name": "puppetlabs-concat", "version_requirement": ">= 1.0.0 <= 2.0.0" } ], "operatingsystem_support": [ { "operatingsystem": "Debian", "operatingsystemrelease": [ "8" ] }, { "operatingsystem": "RedHat", "operatingsystemrelease": [ "7" ] } ] } diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index 1fd7136..d827344 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb 
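Review bot: The `concat::fragment { "hitch::domain ${title}": }` resource that carries the changed `content` line is declared unconditionally, so with `ensure => absent` the `pem-file` entry would presumably stay in the hitch config while `concat { $pem_file: }` removes the file it points at. Wrapping that fragment in `if $ensure == 'present' { ... }` would keep the config line and the pem file in step. Separately, the `fail()` messages in the validation section name `key_domain`, `cert_domain`, `cacert_domain` and `dhparams_domain`, while the parameters are called `*_content`; the messages should use the real parameter names.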
@@ -1,29 +1,33 @@ require 'spec_helper_acceptance' describe 'hitch class' do context 'default parameters' do # Using puppet_apply as a helper it 'should work idempotently with no errors' do pp = <<-EOS class { 'hitch': } hitch::domain { 'example.org': key_source => '/tmp/example.org_key.pem', cert_source => '/tmp/example.org_cert.pem', } + hitch::domain { 'example.com': + key_source => '/tmp/example.com_key.pem', + cert_source => '/tmp/example.com_cert.pem', + } EOS # Run it twice and test for idempotency apply_manifest(pp, :catch_failures => true) apply_manifest(pp, :catch_changes => true) end describe package('hitch') do it { is_expected.to be_installed } end describe service('hitch') do it { is_expected.to be_enabled } it { is_expected.to be_running } end end end diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index a743bfa..c5abb30 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb 
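Review bot: The new `example.com` resource is only checked indirectly, through the manifest applying cleanly and the service running; nothing in the spec inspects the files the two `hitch::domain` resources produce. A `describe file(...)` block per domain, next to the existing `package` and `service` blocks, would pin the fix directly. It could also assert the `0640` mode that `manifests/domain.pp` sets on the key-bearing pem file, with `it { is_expected.to be_mode 640 }`. The pem path depends on `$::hitch::config_root`, which is not visible in this diff, so the path must come from the module's own parameters.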
@@ -1,25 +1,27 @@ require 'beaker-rspec/spec_helper' require 'beaker-rspec/helpers/serverspec' require 'beaker/puppet_install_helper' run_puppet_install_helper unless ENV['BEAKER_provision'] == 'no' RSpec.configure do |c| # Project root proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..')) # Readable test descriptions c.formatter = :documentation # Configure all nodes in nodeset c.before :suite do # Install module and dependencies puppet_module_install(:source => proj_root, :module_name => 'hitch') hosts.each do |host| on host, puppet('module', 'install', 'puppetlabs-stdlib'), { :acceptable_exit_codes => [0,1] } on host, puppet('module', 'install', 'puppetlabs-concat'), { :acceptable_exit_codes => [0,1] } - on host, 'openssl req -newkey rsa:2048 -sha256 -keyout /tmp/example.org_key.pem -nodes -x509 -days 365 -out /tmp/example.org_cert.pem -subj "/CN=example.org"' + ['example.com', 'example.org'].each do |domain| + on host, 'openssl req -newkey rsa:2048 -sha256 -keyout /tmp/%s_key.pem -nodes -x509 -days 365 -out /tmp/%s_cert.pem -subj "/CN=%s"' % [ domain, domain, domain ] + end on host, 'ls -l /tmp' end end end
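Review bot: The loop writes unencrypted private keys (`-nodes`) to fixed, guessable names directly under `/tmp`, and the same paths are hard-coded again in `spec/acceptance/class_spec.rb`. On a disposable Beaker host that is tolerable, but a short comment above the loop such as `# Self-signed throwaway fixtures for the acceptance hosts only` would make the intent explicit. A dedicated fixture directory would also avoid depending on whatever already exists in `/tmp`. As a style point, the positional `% [ domain, domain, domain ]` can become a named reference, `'... /tmp/%{d}_key.pem ...' % { :d => domain }`, so the three substitutions cannot drift apart.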