diff --git a/box.js b/box.js
index 373951506..779f0a8af 100755
--- a/box.js
+++ b/box.js
@@ -49,6 +49,11 @@ async function main() {
     // require this here so that logging handler is already setup
     const debug = require('debug')('box:box');
 
+    process.on('SIGHUP', async function () {
+        debug('Received SIGHUP. Re-reading configs.');
+        await directoryServer.handleCertChanged();
+    });
+
     process.on('SIGINT', async function () {
         debug('Received SIGINT. Shutting down.');
 
diff --git a/setup/start/systemd/box.service b/setup/start/systemd/box.service
index c4afcb9c2..7b67e1133 100644
--- a/setup/start/systemd/box.service
+++ b/setup/start/systemd/box.service
@@ -13,6 +13,7 @@ Type=idle
 WorkingDirectory=/home/yellowtent/box
 Restart=always
 ExecStart=/home/yellowtent/box/box.js
+ExecReload=/usr/bin/kill -HUP $MAINPID
 ; we run commands like df which will parse properly only with correct locale
 Environment="HOME=/home/yellowtent" "USER=yellowtent" "DEBUG=box:*,connect-lastmile,-box:ldap" "BOX_ENV=cloudron" "NODE_ENV=production" "LC_ALL=C"
 ; kill apptask processes as well
diff --git a/src/reverseproxy.js b/src/reverseproxy.js
index 9e6c5cc4d..00576eccd 100644
--- a/src/reverseproxy.js
+++ b/src/reverseproxy.js
@@ -37,7 +37,6 @@ const acme2 = require('./acme2.js'),
     constants = require('./constants.js'),
     crypto = require('crypto'),
     debug = require('debug')('box:reverseproxy'),
-    directoryServer = require('./directoryserver.js'),
     dns = require('./dns.js'),
     domains = require('./domains.js'),
     ejs = require('ejs'),
@@ -408,8 +407,8 @@ async function renewCert(fqdn, domainObject) {
     // FIXME: this doesn't work across processes. maybe directory server has to become a process of it's own
     if (domainObject.domain === settings.dashboardDomain() && getAcmeCertificatePathSync(settings.dashboardFqdn(), domainObject).certFilePath === acmePaths.certFilePath) {
         debug('renewCert: directory server certificate changed');
-        const [restartError] = await safe(directoryServer.handleCertChanged());
-        if (restartError) debug(`renewCert: error updating directory server on cert change: ${restartError.message}`);
+        const [reloadError] = await safe(shell.promises.exec('renewCert', 'systemctl reload --no-block box'));
+        if (reloadError) debug(`renewCert: error updating directory server on cert change: ${reloadError.message}`);
     }
 }