diff --git a/tsuru/client/certificate.go b/tsuru/client/certificate.go
index 746b270c..e30f6d0c 100644
--- a/tsuru/client/certificate.go
+++ b/tsuru/client/certificate.go
@@ -408,21 +408,26 @@ func (c *CertificateIssuerSet) Run(context *cmd.Context) error {
 
 type CertificateIssuerUnset struct {
 	tsuruClientApp.AppNameMixIn
-	cname string
+	cmd.ConfirmationCommand
 	fs    *gnuflag.FlagSet
+	cname string
 }
 
 func (c *CertificateIssuerUnset) Info() *cmd.Info {
 	return &cmd.Info{
 		Name:  "certificate-issuer-unset",
-		Usage: "certificate issuer unset [-a/--app appname] [-c/--cname CNAME]",
+		Usage: "certificate issuer unset [-a/--app appname] [-c/--cname CNAME] [-y/--assume-yes]",
 		Desc:  `Unset a certificate issuer from a specific app.`,
 	}
 }
 
 func (c *CertificateIssuerUnset) Flags() *gnuflag.FlagSet {
 	if c.fs == nil {
-		c.fs = c.AppNameMixIn.Flags()
+		c.fs = mergeFlagSet(
+			c.AppNameMixIn.Flags(),
+			c.ConfirmationCommand.Flags(),
+		)
+
 		cname := "App CNAME"
 		c.fs.StringVar(&c.cname, "cname", "", cname)
 		c.fs.StringVar(&c.cname, "c", "", cname)
@@ -440,6 +445,10 @@ func (c *CertificateIssuerUnset) Run(context *cmd.Context) error {
 		return errors.New("You must set cname.")
 	}
 
+	if !c.Confirm(context, fmt.Sprintf(`Are you sure you want to remove certificate issuer for cname: "%s"?`, c.cname)) {
+		return nil
+	}
+
 	v := url.Values{}
 	v.Set("cname", c.cname)
 	u, err := config.GetURLVersion("1.0", fmt.Sprintf("/apps/%s/certissuer?%s", appName, v.Encode()))
diff --git a/tsuru/client/certificate_test.go b/tsuru/client/certificate_test.go
index ccbe1e59..c8bb01be 100644
--- a/tsuru/client/certificate_test.go
+++ b/tsuru/client/certificate_test.go
@@ -280,6 +280,7 @@ func (s *S) TestCertificateIssuerUnsetRunSuccessfully(c *check.C) {
 	context := cmd.Context{
 		Stdout: &stdout,
 		Stderr: &stderr,
+		Stdin:  strings.NewReader("y\n"),
 	}
 	requestCount := 0
 	trans := &cmdtest.ConditionalTransport{
@@ -293,12 +294,40 @@ func (s *S) TestCertificateIssuerUnsetRunSuccessfully(c *check.C) {
 			return url && method && cname
 		},
 	}
+	expected := `Are you sure you want to remove certificate issuer for cname: "app.io"? (y/n) `
+	expected += "Certificate issuer removed.\n"
 	s.setupFakeTransport(trans)
 	command := CertificateIssuerUnset{}
 	command.Flags().Parse(true, []string{"-a", "secret", "-c", "app.io"})
 	c.Assert(command.cname, check.Equals, "app.io")
 	err := command.Run(&context)
 	c.Assert(err, check.IsNil)
-	c.Assert(stdout.String(), check.Equals, "Certificate issuer removed.\n")
+	c.Assert(stdout.String(), check.Equals, expected)
 	c.Assert(requestCount, check.Equals, 1)
 }
+
+func (s *S) TestCertificateIssuerUnsetRunWithoutAsking(c *check.C) {
+	var stdout, stderr bytes.Buffer
+	context := cmd.Context{
+		Stdout: &stdout,
+		Stderr: &stderr,
+	}
+	trans := &cmdtest.ConditionalTransport{
+		Transport: cmdtest.Transport{Status: http.StatusNoContent},
+		CondFunc: func(req *http.Request) bool {
+			url := strings.HasSuffix(req.URL.Path, "/apps/secret/certissuer")
+			method := req.Method == http.MethodDelete
+			cname := req.FormValue("cname") == "app.io"
+
+			return url && method && cname
+		},
+	}
+	expected := "Certificate issuer removed.\n"
+	s.setupFakeTransport(trans)
+	command := CertificateIssuerUnset{}
+	command.Flags().Parse(true, []string{"-a", "secret", "-c", "app.io", "-y"})
+	c.Assert(command.cname, check.Equals, "app.io")
+	err := command.Run(&context)
+	c.Assert(err, check.IsNil)
+	c.Assert(stdout.String(), check.Equals, expected)
+}