diff --git a/src/freedombone-addcert b/src/freedombone-addcert index 5018c638..37ade52a 100755 --- a/src/freedombone-addcert +++ b/src/freedombone-addcert @@ -245,6 +245,8 @@ function add_cert_letsencrypt { cp /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/mycerts/${LETSENCRYPT_HOSTNAME}.pem + update_default_domain + systemctl start nginx if [ $PIN_CERTS ]; then diff --git a/src/freedombone-app-xmpp b/src/freedombone-app-xmpp index a6b6fc6d..6a8606b2 100755 --- a/src/freedombone-app-xmpp +++ b/src/freedombone-app-xmpp 
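Review bot: The certificate this function has just installed goes to `/etc/ssl/mycerts/${LETSENCRYPT_HOSTNAME}.pem`, but `update_default_domain` (added in src/freedombone-utils-web) copies only from `/etc/ssl/certs` and `/etc/ssl/private`, and only files named after `DEFAULT_DOMAIN_NAME`. Unless a link from `/etc/ssl/certs` to the mycerts file is created outside this hunk, Prosody may keep serving the previous certificate after this call. A comment above the call naming which files it expects would help, for example `# copies /etc/ssl/{certs,private}/${DEFAULT_DOMAIN_NAME}* into /etc/prosody/certs and restarts prosody`. The body of add_cert_letsencrypt starts and ends outside the hunk, so whether `DEFAULT_DOMAIN_NAME` is set here cannot be confirmed from the page.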
@@ -359,17 +359,17 @@ function install_xmpp_main {
 cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
 if [[ $(cert_exists ${DEFAULT_DOMAIN_NAME} pem) == "1" ]]; then
- sed -i "s|/etc/prosody/certs/example.com.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
- sed -i "s|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
+ sed -i "s|/etc/prosody/certs/example.com.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
+ sed -i "s|/etc/prosody/certs/example.com.crt|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
 else
- sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua
- sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+ sed -i 's|/etc/prosody/certs/example.com.key|/etc/prosody/certs/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+ sed -i 's|/etc/prosody/certs/example.com.crt|/etc/prosody/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua
 fi
 if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then
 if [[ $(cert_exists ${DEFAULT_DOMAIN_NAME}) == "1" ]]; then
- sed -i "/certificate =/a\ dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" /etc/prosody/conf.avail/xmpp.cfg.lua
+ sed -i "/certificate =/a\ dhparam = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" /etc/prosody/conf.avail/xmpp.cfg.lua
 else
- sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
+ sed -i '/certificate =/a\ dhparam = "/etc/prosody/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
 fi
 fi
 if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then
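Review bot: The rewritten `key`, `certificate` and `dhparam` paths point Prosody at copies under `/etc/prosody/certs`, yet nothing in this hunk creates those files and the guards still decide on the original store; the hunks at -415 and -452 test `/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem` directly, and `cert_exists` here presumably does the same (it is defined outside the diff). The copies are made only when `update_default_domain` runs, so a certificate renewed in `/etc/ssl` stays stale for Prosody until that function is called again, and the configuration can name files that do not exist if the copy fails. A comment stating the dependency belongs next to the first `sed`, for example `# files are copied into /etc/prosody/certs by update_default_domain; re-run it after every renewal`. install_xmpp_main starts and ends outside the hunk.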
@@ -415,17 +415,17 @@ function install_xmpp_main {
 ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua
 if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
- sed -i "s|/etc/prosody/certs/localhost.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
- sed -i "s|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
+ sed -i "s|/etc/prosody/certs/localhost.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
+ sed -i "s|/etc/prosody/certs/localhost.crt|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
 else
- sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua
- sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua
+ sed -i 's|/etc/prosody/certs/localhost.key|/etc/prosody/certs/xmpp.key|g' /etc/prosody/prosody.cfg.lua
+ sed -i 's|/etc/prosody/certs/localhost.crt|/etc/prosody/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua
 fi
 if ! grep -q "xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then
 if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
- sed -i "/certificate =/a\ dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" /etc/prosody/prosody.cfg.lua
+ sed -i "/certificate =/a\ dhparam = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" /etc/prosody/prosody.cfg.lua
 else
- sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua
+ sed -i '/certificate =/a\ dhparam = "/etc/prosody/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua
 fi
 fi
 if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/prosody.cfg.lua; then
@@ -452,11 +452,11 @@ function install_xmpp_main { sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/prosody.cfg.lua if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then # use an existing cert if possible - sed -i "s|key = \"/etc/prosody/certs/example.com.key\"|key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\"|g" /etc/prosody/prosody.cfg.lua - sed -i "s|certificate = \"/etc/prosody/certs/example.com.crt\"|certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\"|g" /etc/prosody/prosody.cfg.lua + sed -i "s|key = \"/etc/prosody/certs/example.com.key\"|key = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key\"|g" /etc/prosody/prosody.cfg.lua + sed -i "s|certificate = \"/etc/prosody/certs/example.com.crt\"|certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem\"|g" /etc/prosody/prosody.cfg.lua else - sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/ssl/private/xmpp.key"|g' /etc/prosody/prosody.cfg.lua - sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/ssl/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua + sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/prosody/certs/xmpp.key"|g' /etc/prosody/prosody.cfg.lua + sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/prosody/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua fi sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/prosody.cfg.lua @@ -474,7 +474,8 @@ function install_xmpp_main { fi fi - systemctl restart prosody + + update_default_domain touch /home/$MY_USERNAME/README if [ ! -d /var/lib/tor ]; then diff --git a/src/freedombone-utils-web b/src/freedombone-utils-web index 162b9730..8066d933 100755 --- a/src/freedombone-utils-web +++ b/src/freedombone-utils-web 
@@ -641,4 +641,29 @@ function configure_firewall_for_web_access {
 mark_completed $FUNCNAME
 }
+function update_default_domain {
+ if [ -d /etc/prosody ]; then
+ if [ ! -d /etc/prosody/certs ]; then
+ mkdir /etc/prosody/certs
+ fi
+ cp /etc/ssl/private/xmpp* /etc/prosody/certs
+ cp /etc/ssl/private/${DEFAULT_DOMAIN_NAME}* /etc/prosody/certs
+ cp /etc/ssl/certs/xmpp* /etc/prosody/certs
+ cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}* /etc/prosody/certs
+ if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+ if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
+ mv /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem
+ fi
+ else
+ sed -i "s|/etc/prosody/certs/xmpp.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
+ sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
+
+ sed -i "s|/etc/prosody/certs/xmpp.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
+ sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
+ fi
+ chown -R prosody:prosody /etc/prosody
+ systemctl restart prosody
+ fi
+}
+
 # NOTE: deliberately no exit 0
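Review bot: Both file tests in update_default_domain lack an operator: `[ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]` only asks whether the string is empty, so it is always false, the `.crt` to `.pem` rename never runs, and the `else` branch rewrites both Prosody configs to the domain key and certificate even when neither file was copied. The inner test is also inverted, since it would `mv` the `.crt` only when it is absent. The private-key copy uses an unquoted `${DEFAULT_DOMAIN_NAME}*` glob, which matches every file in `/etc/ssl/private` if the variable is empty, and the following `chown -R` then hands all of those keys to the prosody user. `mkdir` also leaves the mode of the key directory to the umask. The rewrite below adds `-f` tests, guards the domain copies on a non-empty name, and creates the directory with an explicit mode and owner.

```shell
function update_default_domain {
    # … unchanged: /etc/prosody existence check …
        # explicit mode and owner instead of a umask-dependent mkdir
        install -d -m 750 -o prosody -g prosody /etc/prosody/certs
        # … unchanged: cp of the xmpp* key and certificate files …
        if [ -n "${DEFAULT_DOMAIN_NAME}" ]; then
            # an empty name would make the glob match every key in /etc/ssl/private
            cp "/etc/ssl/private/${DEFAULT_DOMAIN_NAME}"* /etc/prosody/certs
            cp "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}"* /etc/prosody/certs
        fi
        if [ ! -f "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem" ] && \
           [ -f "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt" ]; then
            mv "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt" "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem"
        fi
        # switch the configs only when both files Prosody will load are present
        if [ -f "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem" ] && \
           [ -f "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key" ]; then
            # … unchanged: the four sed rewrites of xmpp.key / xmpp.crt …
        fi
    # … unchanged: chown -R and prosody restart …
```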