diff --git a/sign-cert.py b/sign-cert.py
index e0f8914..4fb06fb 100755
--- a/sign-cert.py
+++ b/sign-cert.py
@@ -1,5 +1,6 @@
 #!/usr/bin/python3
+import os
 import sys
 import time
 import json
@@ -204,6 +205,7 @@ class Session:
 # step 5.2
 # in: self.answers_prefix
+ # returns: temporary filename to remove after authorization
 def prepare_challenge_answer(self, token):
 log('prepare challenge answer')
 answer = token + '.' + str(key.thumbprint(jwk.hashes.SHA256()))
@@ -212,6 +214,7 @@ class Session:
 log(' write answer to file: ' + filename)
 with open(filename, 'w') as f:
 f.write( answer )
+ return filename
 # step 5.3
@@ -239,6 +242,13 @@ class Session:
 raise Exception('authorization was not happened')
+ # step 5.5
+ # in: self.answers_prefix
+ def remove_challenge_answer(self, filename):
+ log('remove challenge answer file: ' + filename)
+ os.remove(filename)
+
+
 # step 5 all
 # uses: get_request, post_signed_request (also see 'in' and 'out' there)
 # in: self.url_authorizations
@@ -246,9 +256,10 @@ class Session:
 log('process authorizations')
 for url_authorization in self.url_authorizations:
 url_chall, token = self.fetch_authorization(url_authorization)
- self.prepare_challenge_answer(token)
+ tmpfile = self.prepare_challenge_answer(token)
 self.notify_challenge_ready(url_chall)
 self.wait_authorization(url_authorization)
+ self.remove_challenge_answer(tmpfile)
 log('all authorizations success')
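Review bot: The path handed back by the added `return filename` is now deleted later as well as written here, but the lines that build `filename` fall between this hunk and the previous one and are not visible. If the path is derived from the server-supplied `token`, the token should be checked against the base64url alphabet before it is used, for example `if not re.fullmatch(r'[A-Za-z0-9_-]+', token): raise Exception('unexpected characters in challenge token')` (which needs `import re`). Without that check a malformed token could steer both the `open(filename, 'w')` and the later `os.remove` outside the answers directory.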
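Review bot: The `# in: self.answers_prefix` comment above `remove_challenge_answer` does not match the body, which reads no instance state and calls `os.remove` on whatever path it is given. I would replace that line with `# in: filename returned by prepare_challenge_answer` so the contract is explicit. If the prefix is meant to be a constraint, enforce it in code with a guard such as `if not filename.startswith(self.answers_prefix): raise Exception('unexpected answer path')` before the `os.remove` call.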
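Review bot: The new `self.remove_challenge_answer(tmpfile)` call only runs when both `notify_challenge_ready` and `wait_authorization` return normally. If either raises, the answer file stays in the served directory and the loop aborts; the `raise Exception('authorization was not happened')` in the previous hunk appears to be such a path. Wrap the two calls in `try:` and move the cleanup into `finally: self.remove_challenge_answer(tmpfile)` so the file is removed on failure as well. The enclosing method's `def` line is outside this hunk.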