diff --git a/src/reverseproxy.js b/src/reverseproxy.js
index 255218dd4..cb15fb1a6 100644
--- a/src/reverseproxy.js
+++ b/src/reverseproxy.js
@@ -256,7 +256,7 @@ function getUserCertificatePathSync(fqdn) {
 return { certFilePath, keyFilePath };
 }
-function getAcmeCertificateName(fqdn, domainObject) {
+function getAcmeCertificateNameSync(fqdn, domainObject) {
 assert.strictEqual(typeof fqdn, 'string'); // this can contain wildcard domain (for alias domains)
 assert.strictEqual(typeof domainObject, 'object');
@@ -271,7 +271,7 @@ function getAcmeCertificatePathSync(fqdn, domainObject) {
 assert.strictEqual(typeof fqdn, 'string'); // this can contain wildcard domain (for alias domains)
 assert.strictEqual(typeof domainObject, 'object');
- const certName = getAcmeCertificateName(fqdn, domainObject);
+ const certName = getAcmeCertificateNameSync(fqdn, domainObject);
 const certFilePath = path.join(paths.NGINX_CERT_DIR, `${certName}.cert`);
 const keyFilePath = path.join(paths.NGINX_CERT_DIR, `${certName}.key`);
 const csrFilePath = path.join(paths.NGINX_CERT_DIR, `${certName}.csr`);
@@ -318,7 +318,7 @@ async function getAcmeCertificate(fqdn, domainObject) {
 assert.strictEqual(typeof fqdn, 'string'); // this can contain wildcard domain (for alias domains)
 assert.strictEqual(typeof domainObject, 'object');
- const certName = getAcmeCertificateName(fqdn, domainObject);
+ const certName = getAcmeCertificateNameSync(fqdn, domainObject);
 const privateKey = await blobs.get(`${blobs.CERT_PREFIX}-${certName}.key`);
 const cert = await blobs.get(`${blobs.CERT_PREFIX}-${certName}.cert`);
@@ -332,7 +332,7 @@ async function writeAcmeCertificate(fqdn, domainObject) {
 assert.strictEqual(typeof fqdn, 'string'); // this can contain wildcard domain (for alias domains)
 assert.strictEqual(typeof domainObject, 'object');
- const certName = getAcmeCertificateName(fqdn, domainObject);
+ const certName = getAcmeCertificateNameSync(fqdn, domainObject);
 const privateKey = await blobs.get(`${blobs.CERT_PREFIX}-${certName}.key`);
 const cert = await blobs.get(`${blobs.CERT_PREFIX}-${certName}.cert`);
 const csr = await blobs.get(`${blobs.CERT_PREFIX}-${certName}.csr`);
@@ -362,7 +362,7 @@ async function updateCertBlobs(fqdn, domainObject) {
 const csr = safe.fs.readFileSync(csrFilePath);
 if (!csr) throw new BoxError(BoxError.FS_ERROR, `Failed to read csr: ${safe.error.message}`);
- const certName = getAcmeCertificateName(fqdn, domainObject);
+ const certName = getAcmeCertificateNameSync(fqdn, domainObject);
 await blobs.set(`${blobs.CERT_PREFIX}-${certName}.key`, privateKey);
 await blobs.set(`${blobs.CERT_PREFIX}-${certName}.cert`, cert);
 await blobs.set(`${blobs.CERT_PREFIX}-${certName}.csr`, csr);
@@ -397,16 +397,16 @@ async function renewCert(fqdn, domainObject) {
 await safe(updateCertBlobs(fqdn, domainObject));
 }
- if (settings.mailFqdn() === fqdn) {
- debug('renewCert: restarting mail container');
+ if (domainObject.domain === settings.mailDomain() && getAcmeCertificatePathSync(settings.mailFqdn(), domainObject).certFilePath === acmePaths.certFilePath) {
+ debug('renewCert: mail certificate changed');
 const [restartError] = await safe(mail.handleCertChanged());
- if (restartError) debug(`renewCert: error restarting mail container on cert change: ${restartError.message}`);
+ if (restartError) debug(`renewCert: error updating mail container on cert change: ${restartError.message}`);
 }
- if (settings.dashboardFqdn() === fqdn) {
- debug('renewCert: restarting directory server');
+ if (domainObject.domain === settings.dashboardDomain() && getAcmeCertificatePathSync(settings.dashboardFqdn(), domainObject).certFilePath === acmePaths.certFilePath) {
+ debug('renewCert: directory server certificate changed');
 const [restartError] = await safe(directoryServer.handleCertChanged());
- if (restartError) debug(`renewCert: error restarting directory server on cert change: ${restartError.message}`);
+ if (restartError) debug(`renewCert: error updating directory server on cert change: ${restartError.message}`);
 }
 }
@@ -674,7 +674,7 @@ async function renewCerts(options, auditSource, progressCallback) {
 if (await needsRenewal(location.fqdn, domainObject)) {
 await renewCert(location.fqdn, domainObject);
- renewedCertificateNames.push(getAcmeCertificateName(location.fqdn, domainObject));
+ renewedCertificateNames.push(getAcmeCertificateNameSync(location.fqdn, domainObject));
 } else {
 progressCallback({ message: `Cert of ${location.fqdn} does not require renewal` });
 }
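Review bot: In the renewCert hunk, the two new `if` conditions decide whether the mail container and the directory server pick up a renewed certificate, but nothing explains why they compare `certFilePath` values instead of `fqdn`. Presumably one certificate file can be shared by several names in a domain (the asserts in the other hunks mention wildcard domains), so a renewal triggered for another location can replace the file the service uses; a comment such as `// cert files can be shared within a domain (wildcard): notify the service whenever the file it serves was renewed, not only when fqdn matches` would make that explicit. The same expression is written twice, so a small local helper taking the service fqdn would keep the two checks from drifting apart. A failing `handleCertChanged()` is still only written to `debug`, which may leave the service presenting the old certificate with no visible signal; `acmePaths` and the rest of renewCert are outside the hunk, so confirm nothing later reports it.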
@@ -688,7 +688,7 @@ async function renewCerts(options, auditSource, progressCallback) {
 for (const app of allApps) {
 if (!app.manifest.addons?.tls) continue;
- const addonCertificateName = getAcmeCertificateName(app.fqdn, domainObjectMap[app.domain]);
+ const addonCertificateName = getAcmeCertificateNameSync(app.fqdn, domainObjectMap[app.domain]);
 if (renewedCertificateNames.includes(addonCertificateName)) await apps.restart(app, auditSource);
 }
 }