diff --git a/src/sbbs3/scfgdefs.h b/src/sbbs3/scfgdefs.h
index 602f147e90b95516580e23dd6cba990887c51f51..29087ffae0f50210ebc1504ecca611596fe477f0 100644
--- a/src/sbbs3/scfgdefs.h
+++ b/src/sbbs3/scfgdefs.h
@@ -620,6 +620,7 @@ typedef struct
 
 	// Run-time state information (not configuration)
 	int				tls_certificate;
+	time_t                  tls_cert_file_date;
 
 } scfg_t;
 
diff --git a/src/sbbs3/ssl.c b/src/sbbs3/ssl.c
index 50f371dc7e15226bb9b6c060610d6f31ba232e33..047d09b10cafda962a6ab2ac9fceb034ae6b68f7 100644
--- a/src/sbbs3/ssl.c
+++ b/src/sbbs3/ssl.c
@@ -290,12 +290,18 @@ CRYPT_CONTEXT get_ssl_cert(scfg_t *cfg, char **estr, int *level)
 	if(!do_cryptInit())
 		return -1;
 	pthread_mutex_lock(&ssl_cert_mutex);
+	SAFEPRINTF2(str,"%s%s",cfg->ctrl_dir,"ssl.cert");
+	time_t fd = fdate(str);
 	if (cfg->tls_certificate != -1 || !cfg->prepped) {
-		pthread_mutex_unlock(&ssl_cert_mutex);
-		return cfg->tls_certificate;
+		if (fd == cfg->tls_cert_file_date) {
+			pthread_mutex_unlock(&ssl_cert_mutex);
+			return cfg->tls_certificate;
+		}
+		cfg->tls_cert_file_date = fd;
+		cryptDestroyContext(cfg->tls_certificate);
 	}
+	cfg->tls_cert_file_date = fd;
 	/* Get the certificate... first try loading it from a file... */
-	SAFEPRINTF2(str,"%s%s",cfg->ctrl_dir,"ssl.cert");
 	if(cryptStatusOK(cryptKeysetOpen(&ssl_keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, str, CRYPT_KEYOPT_READONLY))) {
 		if(!DO("getting private key", ssl_keyset, cryptGetPrivateKey(ssl_keyset, &ssl_context, CRYPT_KEYID_NAME, "ssl_cert", cfg->sys_pass))) {
 			pthread_mutex_unlock(&ssl_cert_mutex);