diff --git a/src/reverseproxy.js b/src/reverseproxy.js
index df71fc482..6eed27b82 100644
--- a/src/reverseproxy.js
+++ b/src/reverseproxy.js
@@ -85,7 +85,7 @@ function getCertApi(domain, callback) {
     domains.get(domain, function (error, result) {
         if (error) return callback(error);
 
-        if (result.tlsConfig.provider === 'fallback') return callback(null, fallback, {});
+        if (result.tlsConfig.provider === 'fallback') return callback(null, fallback, { fallback: true });
 
         var api = result.tlsConfig.provider === 'caas' ? caas : acme2;
 
@@ -127,6 +127,10 @@ function providerMatchesSync(certFilePath, apiOptions) {
 
     if (!fs.existsSync(certFilePath)) return false; // not found
 
+    if (apiOptions.fallback) {
+        return certFilePath.includes('.host.cert');
+    }
+
     const subjectAndIssuer = safe.child_process.execSync(`/usr/bin/openssl x509 -noout -subject -issuer -in "${certFilePath}"`, { encoding: 'utf8' });
 
     const isWildcardCert = subjectAndIssuer.match(/^subject=(.*)$/m)[1].includes('*');