diff --git a/src/reverseproxy.js b/src/reverseproxy.js
index 8ec381ef9..b1725743b 100644
--- a/src/reverseproxy.js
+++ b/src/reverseproxy.js
@@ -215,15 +215,9 @@ function setFallbackCertificate(domain, fallback, callback) {
     assert.strictEqual(typeof fallback, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    if (fallback.restricted) { // restricted certs are not backed up
-        debug(`setFallbackCertificate: setting restricted certs for domain ${domain}`);
-        if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, `${domain}.host.cert`), fallback.cert)) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
-        if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, `${domain}.host.key`), fallback.key)) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
-    } else {
-        debug(`setFallbackCertificate: setting certs for domain ${domain}`);
-        if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, `${domain}.host.cert`), fallback.cert)) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
-        if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, `${domain}.host.key`), fallback.key)) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
-    }
+    debug(`setFallbackCertificate: setting certs for domain ${domain}`);
+    if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, `${domain}.host.cert`), fallback.cert)) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
+    if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, `${domain}.host.key`), fallback.key)) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
 
     // TODO: maybe the cert is being used by the mail container
     reload(function (error) {
diff --git a/src/routes/domains.js b/src/routes/domains.js
index 58413dd95..2d29e8e69 100644
--- a/src/routes/domains.js
+++ b/src/routes/domains.js
@@ -33,7 +33,6 @@ function add(req, res, next) {
         let fallbackCertificate = req.body.fallbackCertificate;
         if (!fallbackCertificate.cert || typeof fallbackCertificate.cert !== 'string') return next(new HttpError(400, 'fallbackCertificate.cert must be a string'));
         if (!fallbackCertificate.key || typeof fallbackCertificate.key !== 'string') return next(new HttpError(400, 'fallbackCertificate.key must be a string'));
-        if ('restricted' in fallbackCertificate && typeof fallbackCertificate.restricted !== 'boolean') return next(new HttpError(400, 'fallbackCertificate.restricted must be a boolean'));
     }
 
     if ('tlsConfig' in req.body) {
@@ -95,7 +94,6 @@ function update(req, res, next) {
         let fallbackCertificate = req.body.fallbackCertificate;
         if (!fallbackCertificate.cert || typeof fallbackCertificate.cert !== 'string') return next(new HttpError(400, 'fallbackCertificate.cert must be a string'));
         if (!fallbackCertificate.key || typeof fallbackCertificate.key !== 'string') return next(new HttpError(400, 'fallbackCertificate.key must be a string'));
-        if ('restricted' in fallbackCertificate && typeof fallbackCertificate.restricted !== 'boolean') return next(new HttpError(400, 'fallbackCertificate.restricted must be a boolean'));
     }
 
     if ('tlsConfig' in req.body) {