diff --git a/examples/shell/nsd/dnssec.sh b/examples/shell/nsd/dnssec.sh
new file mode 100644
index 0000000..72b5a05
--- /dev/null
+++ b/examples/shell/nsd/dnssec.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+if [ -z "$2" ]; then exit 1; fi
+CURRENTDIR=$(pwd) # save current dir
+ZONEDIR="/srv/vcomm/dns/" # location of your zone files
+ZONE=$1
+ZONEFILE=$2
+cd "$ZONEDIR" || exit
+SERIAL=$(/usr/sbin/named-checkzone "$ZONE" "$ZONEFILE" | grep -Rho '[0-9]{10}')
+echo "Updated to serial: $SERIAL"
+sed -i 's/'$SERIAL'/'$(($SERIAL+1))'/' "$ZONEFILE"
+/usr/sbin/dnssec-signzone -A -3 "$(head -c 1000 /dev/urandom | sha1sum | cut -b 1-16)" -N increment -o "$ZONE" -t "$ZONEFILE"
+cd "$CURRENTDIR" || exit
+sudo nsd-control reload
+cp /srv/vcomm/tls/plantroon.com/fullchain.cer /srv/vapps/mailcow-dockerized/data/assets/ssl/cert.pem
+cp /srv/vcomm/tls/plantroon.com/plantroon.com.key /srv/vapps/mailcow-dockerized/data/assets/ssl/key.pem
+postfix_c=$(docker ps -qaf name=postfix-mailcow)
+dovecot_c=$(docker ps -qaf name=dovecot-mailcow)
+nginx_c=$(docker ps -qaf name=nginx-mailcow)
+sudo docker restart "${postfix_c}" "${dovecot_c}" "${nginx_c}"
\ No newline at end of file
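Review bot: The `SERIAL=` line is unlikely to capture the zone's serial as written: without `-E`, GNU grep reads `{10}` as literal text, and `-R` with no file operand searches the working directory (here `$ZONEDIR`) instead of the piped named-checkzone output. An empty or multi-line `$SERIAL` then goes unquoted into the `sed -i` expression and into `$(($SERIAL+1))`, and because no exit status is checked the script still signs the zone and reloads nsd. I would change the filter to `grep -Eo '[0-9]{10}' | head -n 1` and add `[ -n "$SERIAL" ] || exit 1` before the `sed` line. Separately, the `cp` of `plantroon.com.key` to `key.pem` leaves the private key's mode to the caller's umask and is not checked before the containers restart; something like `install -m 600 <src> <dst> || exit 1` (with a mode the mailcow containers can still read) would make that explicit.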