diff --git a/src/cert/caas.js b/src/cert/caas.js
deleted file mode 100644
index ebc7aa196..000000000
--- a/src/cert/caas.js
+++ /dev/null
@@ -1,22 +0,0 @@
-'use strict';
-
-exports = module.exports = {
- getCertificate: getCertificate,
-
- // testing
- _name: 'caas'
-};
-
-var assert = require('assert'),
- debug = require('debug')('box:cert/caas.js');
-
-function getCertificate(hostname, domain, options, callback) {
- assert.strictEqual(typeof hostname, 'string');
- assert.strictEqual(typeof domain, 'string');
- assert.strictEqual(typeof options, 'object');
- assert.strictEqual(typeof callback, 'function');
-
- debug('getCertificate: using fallback certificate', hostname);
-
- return callback(null, '', '');
-}
diff --git a/src/reverseproxy.js b/src/reverseproxy.js
index b1725743b..10554b96e 100644
--- a/src/reverseproxy.js
+++ b/src/reverseproxy.js
@@ -35,7 +35,6 @@ var acme2 = require('./cert/acme2.js'),
 assert = require('assert'),
 async = require('async'),
 BoxError = require('./boxerror.js'),
- caas = require('./cert/caas.js'),
 constants = require('./constants.js'),
 crypto = require('crypto'),
 debug = require('debug')('box:reverseproxy'),
@@ -65,14 +64,12 @@ function getCertApi(domainObject, callback) {
 if (domainObject.tlsConfig.provider === 'fallback') return callback(null, fallback, { fallback: true });
- var api = domainObject.tlsConfig.provider === 'caas' ? caas : acme2;
+ var api = acme2;
 var options = { prod: false, performHttpAuthorization: false, wildcard: false, email: '' };
- if (domainObject.tlsConfig.provider !== 'caas') {
- options.prod = domainObject.tlsConfig.provider.match(/.*-prod/) !== null; // matches 'le-prod' or 'letsencrypt-prod'
- options.performHttpAuthorization = domainObject.provider.match(/noop|manual|wildcard/) !== null;
- options.wildcard = !!domainObject.tlsConfig.wildcard;
- }
+ options.prod = domainObject.tlsConfig.provider.match(/.*-prod/) !== null; // matches 'le-prod' or 'letsencrypt-prod'
+ options.performHttpAuthorization = domainObject.provider.match(/noop|manual|wildcard/) !== null;
+ options.wildcard = !!domainObject.tlsConfig.wildcard;
 // registering user with an email requires A or MX record (https://github.com/letsencrypt/boulder/issues/1197)
 // we cannot use admin@fqdn because the user might not have set it up.
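Review bot: A domain record that still carries `tlsConfig.provider === 'caas'` is no longer special-cased in getCertApi and now falls through to acme2 with `prod: false`, because 'caas' does not match `/.*-prod/`. Unless a migration elsewhere rewrites those records (none is visible in this diff), such a domain would be sent through the ACME non-production flow and could end up serving a certificate that clients do not trust. I would reject unrecognised provider values explicitly before `var api = acme2;` instead of defaulting them, and keep a test that covers a leftover 'caas' value. The provider match is also unanchored, so any string containing `-prod` selects production; `options.prod = /-prod$/.test(domainObject.tlsConfig.provider);` states the intent more tightly. The body of getCertApi continues past the end of the hunk.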
@@ -231,15 +228,8 @@ function getFallbackCertificate(domain, callback) { assert.strictEqual(typeof domain, 'string'); assert.strictEqual(typeof callback, 'function'); - // check for any pre-provisioned (caas) certs. they get first priority - var certFilePath = path.join(paths.NGINX_CERT_DIR, `${domain}.host.cert`); - var keyFilePath = path.join(paths.NGINX_CERT_DIR, `${domain}.host.key`); - - if (fs.existsSync(certFilePath) && fs.existsSync(keyFilePath)) return callback(null, { certFilePath, keyFilePath }); - - // check for auto-generated or user set fallback certs - certFilePath = path.join(paths.APP_CERTS_DIR, `${domain}.host.cert`); - keyFilePath = path.join(paths.APP_CERTS_DIR, `${domain}.host.key`); + const certFilePath = path.join(paths.APP_CERTS_DIR, `${domain}.host.cert`); + const keyFilePath = path.join(paths.APP_CERTS_DIR, `${domain}.host.key`); callback(null, { certFilePath, keyFilePath }); } @@ -356,7 +346,7 @@ function ensureCertificate(vhost, domain, auditSource, callback) { debug(`ensureCertificate: renewal of ${vhost} failed. using fallback certificates for ${domain}`); - // if no cert was returned use fallback. the fallback/caas provider will not provide any for example + // if no cert was returned use fallback. the fallback provider will not provide any for example getFallbackCertificate(domain, function (error, bundle) { if (error) return callback(error); diff --git a/src/test/apptask-test.js b/src/test/apptask-test.js index b489b73f6..8d35fa9e6 100644 --- a/src/test/apptask-test.js +++ b/src/test/apptask-test.js @@ -59,7 +59,7 @@ const DOMAIN_0 = { endpoint: 'http://localhost:5353' }, fallbackCertificate: null, - tlsConfig: { provider: 'caas' } + tlsConfig: { provider: 'letsencrypt-staging' } }; let AUDIT_SOURCE = { ip: '1.2.3.4' }; diff --git a/src/test/reverseproxy-test.js b/src/test/reverseproxy-test.js index 293e46c96..344cf6e0b 100644 --- a/src/test/reverseproxy-test.js +++ b/src/test/reverseproxy-test.js 
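Review bot: In getFallbackCertificate the `${domain}.host.cert` / `${domain}.host.key` pair under `paths.NGINX_CERT_DIR` is no longer consulted, and nothing visible in this commit removes those files, so on hosts provisioned that way the private keys stay on disk with no code path that references or rotates them. I would pair this change with a cleanup or migration step that deletes the orphaned pair. The function also returns the `paths.APP_CERTS_DIR` paths without an existence check (the removed code checked only the pre-provisioned pair), so a comment such as `// existence is not checked here; callers must handle a missing fallback cert/key` would make that contract explicit. `domain` is only asserted to be a string before it is interpolated into the file name; presumably it is validated upstream, which is worth confirming.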
@@ -180,28 +180,6 @@ describe('Certificates', function () {
 });
 });
- describe('getApi - caas', function () {
- before(function (done) {
- DOMAIN_0.tlsConfig = { provider: 'caas' };
-
- async.series([
- setup,
- domains.update.bind(null, DOMAIN_0.domain, DOMAIN_0, AUDIT_SOURCE)
- ], done);
- });
-
- after(cleanup);
-
- it('returns prod caas for prod cloudron', function (done) {
- reverseProxy._getCertApi(DOMAIN_0, function (error, api, options) {
- expect(error).to.be(null);
- expect(api._name).to.be('caas');
- expect(options).to.eql({ email: 'webmaster@cloudron.io', 'performHttpAuthorization': false, 'prod': false, 'wildcard': false });
- done();
- });
- });
- });
-
 describe('getApi - letsencrypt-prod', function () {
 before(function (done) {
 DOMAIN_0.tlsConfig = { provider: 'letsencrypt-prod' };