diff --git a/src/reverseproxy.js b/src/reverseproxy.js
index 6fa543d1c..d40e20d97 100644
--- a/src/reverseproxy.js
+++ b/src/reverseproxy.js
@@ -463,83 +463,61 @@ async function writeDashboardConfig(domainObject) {
 await writeDashboardNginxConfig(dashboardFqdn, bundle);
 }
 
-async function writeAppNginxConfig(app, fqdn, bundle) {
- assert.strictEqual(typeof app, 'object');
- assert.strictEqual(typeof fqdn, 'string');
- assert.strictEqual(typeof bundle, 'object');
-
- var sourceDir = path.resolve(__dirname, '..');
- var endpoint = 'app';
-
- let robotsTxtQuoted = null, hideHeaders = [], cspQuoted = null;
- const reverseProxyConfig = app.reverseProxyConfig || {}; // some of our code uses fake app objects
- if (reverseProxyConfig.robotsTxt) robotsTxtQuoted = JSON.stringify(app.reverseProxyConfig.robotsTxt);
- if (reverseProxyConfig.csp) {
- cspQuoted = `"${app.reverseProxyConfig.csp}"`;
- hideHeaders = [ 'Content-Security-Policy' ];
- if (reverseProxyConfig.csp.includes('frame-ancestors ')) hideHeaders.push('X-Frame-Options');
- }
-
- const data = {
- sourceDir: sourceDir,
- vhost: fqdn,
- hasIPv6: sysinfo.hasIPv6(),
- ip: app.containerIp,
- port: app.manifest.httpPort,
- endpoint,
- certFilePath: bundle.certFilePath,
- keyFilePath: bundle.keyFilePath,
- robotsTxtQuoted,
- cspQuoted,
- hideHeaders,
- proxyAuth: {
- enabled: app.sso && app.manifest.addons && app.manifest.addons.proxyAuth,
- id: app.id,
- location: nginxLocation(safe.query(app.manifest, 'addons.proxyAuth.path') || '/')
- },
- ocsp: await isOcspEnabled(bundle.certFilePath)
- };
- const nginxConf = ejs.render(NGINX_APPCONFIG_EJS, data);
-
- const aliasSuffix = app.fqdn === fqdn ? '' : `-alias-${fqdn.replace('*', '_')}`;
- var nginxConfigFilename = path.join(paths.NGINX_APPCONFIG_DIR, `${app.id}${aliasSuffix}.conf`);
- debug('writeAppNginxConfig: writing config for "%s" to %s with options %j', fqdn, nginxConfigFilename, data);
-
- if (!safe.fs.writeFileSync(nginxConfigFilename, nginxConf)) {
- debug('Error creating nginx config for "%s" : %s', app.fqdn, safe.error.message);
- throw new BoxError(BoxError.FS_ERROR, safe.error);
- }
-
- await reload();
-}
-
-async function writeAppRedirectNginxConfig(app, fqdn, bundle) {
+async function writeAppNginxConfig(app, fqdn, type, bundle) {
 assert.strictEqual(typeof app, 'object');
 assert.strictEqual(typeof fqdn, 'string');
+ assert.strictEqual(typeof type, 'string');
 assert.strictEqual(typeof bundle, 'object');
 
 const data = {
 sourceDir: path.resolve(__dirname, '..'),
 vhost: fqdn,
- redirectTo: app.fqdn,
 hasIPv6: sysinfo.hasIPv6(),
- endpoint: 'redirect',
+ ip: null,
+ port: null,
+ endpoint: null,
+ redirectTo: null,
 certFilePath: bundle.certFilePath,
 keyFilePath: bundle.keyFilePath,
 robotsTxtQuoted: null,
 cspQuoted: null,
 hideHeaders: [],
- proxyAuth: { enabled: false, id: app.id, location: nginxLocation('/') },
+ proxyAuth: null,
 ocsp: await isOcspEnabled(bundle.certFilePath)
 };
+
+ let nginxConfigFilenameSuffix = '';
+ if (type === apps.SUBDOMAIN_TYPE_PRIMARY || type === apps.SUBDOMAIN_TYPE_ALIAS) {
+ const reverseProxyConfig = app.reverseProxyConfig || {}; // some of our code uses fake app objects
+ if (reverseProxyConfig.robotsTxt) data.robotsTxtQuoted = JSON.stringify(app.reverseProxyConfig.robotsTxt);
+ if (reverseProxyConfig.csp) {
+ data.cspQuoted = `"${app.reverseProxyConfig.csp}"`;
+ data.hideHeaders = [ 'Content-Security-Policy' ];
+ if (reverseProxyConfig.csp.includes('frame-ancestors ')) data.hideHeaders.push('X-Frame-Options');
+ }
+ data.proxyAuth = {
+ enabled: app.sso && app.manifest.addons && app.manifest.addons.proxyAuth,
+ id: app.id,
+ location: nginxLocation(safe.query(app.manifest, 'addons.proxyAuth.path') || '/')
+ };
+ data.endpoint = 'app';
+ data.ip = app.containerIp;
+ data.port = app.manifest.httpPort;
+ if (type === apps.SUBDOMAIN_TYPE_ALIAS) nginxConfigFilenameSuffix = `-alias-${fqdn.replace('*', '_')}`;
+ } else if (type === apps.SUBDOMAIN_TYPE_REDIRECT) {
+ data.proxyAuth = { enabled: false, id: app.id, location: nginxLocation('/') };
+ data.endpoint = 'redirect';
+ data.redirectTo = app.fqdn;
+ nginxConfigFilenameSuffix = `-redirect-${fqdn}`;
+ }
+
 const nginxConf = ejs.render(NGINX_APPCONFIG_EJS, data);
 
- // if we change the filename, also change it in unconfigureApp()
- const nginxConfigFilename = path.join(paths.NGINX_APPCONFIG_DIR, `${app.id}-redirect-${fqdn}.conf`);
- debug('writing config for "%s" redirecting to "%s" to %s with options %j', app.fqdn, fqdn, nginxConfigFilename, data);
+ const nginxConfigFilename = path.join(paths.NGINX_APPCONFIG_DIR, `${app.id}${nginxConfigFilenameSuffix}.conf`);
+ debug(`writeAppNginxConfig: writing config for "${fqdn}" to ${nginxConfigFilename} with options ${JSON.stringify(data)}`);
 
 if (!safe.fs.writeFileSync(nginxConfigFilename, nginxConf)) {
- debug('Error creating nginx redirect config for "%s" : %s', app.fqdn, safe.error.message);
+ debug(`Error creating nginx config for "${app.fqdn}" : ${safe.error.message}`);
 throw new BoxError(BoxError.FS_ERROR, safe.error);
 }
 
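Review bot: In the primary/alias branch, `data.cspQuoted` is still built by wrapping `app.reverseProxyConfig.csp` in bare double quotes, while `data.robotsTxtQuoted` two lines above it goes through `JSON.stringify`. A double quote, backslash or line break in the stored CSP would end the quoted value early, and the remainder would presumably be read by nginx as configuration once NGINX_APPCONFIG_EJS is rendered; whether the value is validated before it reaches this function is not visible in the hunk. Since the commit already moves this line, it is a natural place to escape it the same way as robotsTxt, `data.cspQuoted = JSON.stringify(app.reverseProxyConfig.csp);`, or to reject those characters where the CSP is saved. The function body continues past the end of the hunk.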
@@ -555,14 +533,7 @@ async function writeAppConfig(app) {
 
 for (const appDomain of appDomains) {
 const bundle = await getCertificatePath(appDomain.fqdn, appDomain.domain);
-
- if (appDomain.type === apps.SUBDOMAIN_TYPE_PRIMARY) {
- await writeAppNginxConfig(app, appDomain.fqdn, bundle);
- } else if (appDomain.type === apps.SUBDOMAIN_TYPE_REDIRECT) {
- await writeAppRedirectNginxConfig(app, appDomain.fqdn, bundle);
- } else if (appDomain.type === apps.SUBDOMAIN_TYPE_ALIAS) {
- await writeAppNginxConfig(app, appDomain.fqdn, bundle);
- }
+ await writeAppNginxConfig(app, appDomain.fqdn, appDomain.type, bundle);
 }
 }
 
@@ -578,7 +549,7 @@ async function configureApp(app, auditSource) {
 await ensureCertificate(appDomain.fqdn, appDomain.domain, auditSource);
 }
 
- writeAppConfig(app);
+ await writeAppConfig(app);
 }
 
 async function unconfigureApp(app) {
@@ -652,14 +623,8 @@ async function renewCerts(options, auditSource, progressCallback) {
 // reconfigure since the cert changed
 if (appDomain.type === 'webadmin' || appDomain.type === 'webadmin+mail') {
 await writeDashboardNginxConfig(settings.dashboardFqdn(), bundle);
- } else if (appDomain.type === apps.SUBDOMAIN_TYPE_PRIMARY) {
- await writeAppNginxConfig(appDomain.app, appDomain.fqdn, bundle);
- } else if (appDomain.type === apps.SUBDOMAIN_TYPE_REDIRECT) {
- await writeAppRedirectNginxConfig(appDomain.app, appDomain.fqdn, bundle);
- } else if (appDomain.type === apps.SUBDOMAIN_TYPE_ALIAS) {
- await writeAppNginxConfig(appDomain.app, appDomain.fqdn, bundle);
 } else {
- throw new BoxError(BoxError.INTERNAL_ERROR, `Unknown domain type for ${appDomain.fqdn}. This should never happen`);
+ await writeAppNginxConfig(appDomain.app, appDomain.fqdn, appDomain.type, bundle);
 }
 }
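Review bot: In the writeAppConfig loop, `appDomain.type` is now passed to writeAppNginxConfig unchecked, and that function has no final `else`. For any type other than primary, alias or redirect it leaves `endpoint`, `proxyAuth`, `ip` and `port` at `null` and the filename suffix empty, then renders and writes `${app.id}.conf`, the same path the primary domain uses. The old loop here skipped such entries, and the renewCerts hunk further down removes the `Unknown domain type` throw that used to catch them. I would put the guard in the shared function, `} else { throw new BoxError(BoxError.INTERNAL_ERROR, 'Unknown domain type for ' + fqdn); }`, so that an unexpected row cannot overwrite or break a working vhost config.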