diff --git a/CHANGELOG.md b/CHANGELOG.md
index a7bf028b..31654052 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 ## 0.17.0 (2022-XX-XX)
 
 - Add ability to connect to PostgreSQL over TLS/SSL [#745](https://github.com/juanfont/headscale/pull/745)
+- Fix CLI registration of expired machines [#754](https://github.com/juanfont/headscale/pull/754)
 
 ## 0.16.3 (2022-08-17)
 
diff --git a/api.go b/api.go
index 2d55ccd3..ac5f2a3f 100644
--- a/api.go
+++ b/api.go
@@ -346,6 +346,13 @@ func (h *Headscale) RegistrationHandler(
 		// The machine has expired
 		h.handleMachineExpired(writer, req, machineKey, registerRequest, *machine)
 
+		machine.Expiry = &time.Time{}
+		h.registrationCache.Set(
+			NodePublicKeyStripPrefix(registerRequest.NodeKey),
+			*machine,
+			registerCacheExpiration,
+		)
+
 		return
 	}
 }
diff --git a/machine.go b/machine.go
index aebfbcef..1a48a3e1 100644
--- a/machine.go
+++ b/machine.go
@@ -26,6 +26,7 @@ const (
 	)
 	ErrCouldNotConvertMachineInterface = Error("failed to convert machine interface")
 	ErrHostnameTooLong                 = Error("Hostname too long")
+	ErrDifferentRegisteredNamespace    = Error("machine was previously registered with a different namespace")
 	MachineGivenNameHashLength         = 8
 	MachineGivenNameTrimSize           = 2
 )
@@ -789,6 +790,11 @@ func (h *Headscale) RegisterMachineFromAuthCallback(
 				)
 			}
 
+			// Registration of expired machine with different namespace
+			if registrationMachine.ID != 0 && registrationMachine.NamespaceID != namespace.ID {
+				return nil, ErrDifferentRegisteredNamespace
+			}
+
 			registrationMachine.NamespaceID = namespace.ID
 			registrationMachine.RegisterMethod = registrationMethod
 
@@ -796,6 +802,10 @@ func (h *Headscale) RegisterMachineFromAuthCallback(
 				registrationMachine,
 			)
 
+			if err == nil {
+				h.registrationCache.Delete(nodeKeyStr)
+			}
+
 			return machine, err
 		} else {
 			return nil, ErrCouldNotConvertMachineInterface