diff --git a/scripts/cloudron-support b/scripts/cloudron-support
index dabeb27d1..9c9e1e12c 100755
--- a/scripts/cloudron-support
+++ b/scripts/cloudron-support
@@ -73,7 +73,7 @@ function wait_systemd_service() {
         (( up_time > 10 )) && return 0
 
         info "Service '${service}' just started $up_time secs ago, checking health again in 10s"
-        sleep 10
+        sleep 11
     done
 
     return 1
@@ -248,7 +248,27 @@ function check_nginx() {
     if ! systemctl is-active -q nginx; then
         fail "nginx is down. Removing extraneous dashboard domain configs ..."
 
+        # we had a bug where old dashboard domain config file was kept around
         cd /home/yellowtent/platformdata/nginx/applications/dashboard/ && find . ! -name "my.${dashboard_domain}.conf" -type f -exec rm -f {} +
+
+        # check if certificates are there. nginx will still start if certs are expired
+        # IFS= makes sure it doesn't trim leading and trailing whitespace
+        # -r prevents interpretation of \ escapes.
+        find /home/yellowtent/platformdata/nginx -type f -name '*.conf' -print0 | while IFS= read -r -d '' conf; do
+            cert_file=$(sed -ne 's/[[:blank:]]\+ssl_certificate[[:blank:]]\+\(.*\);/\1/p' "${conf}")
+            key_file=$(sed -ne 's/[[:blank:]]\+ssl_certificate_key[[:blank:]]\+\(.*\);/\1/p' "${conf}")
+
+            if [[ -n "${cert_file}" && ! -f "${cert_file}" ]]; then
+                info "${cert_file} does not exist. removing ${conf}"
+                rm -f "${conf}"
+            fi
+
+            if [[ -n "${key_file}" && ! -f "${key_file}" ]]; then
+                info "${key_file} does not exist. removing ${conf}"
+                rm -f "${conf}"
+            fi
+        done
+
         systemctl restart nginx
 
         if ! systemctl is-active -q nginx; then