diff --git a/core/nginx/certwatcher.py b/core/nginx/certwatcher.py
index 65020021..96ccdd7c 100755
--- a/core/nginx/certwatcher.py
+++ b/core/nginx/certwatcher.py
@@ -5,8 +5,8 @@ happens to externally supplied certificates. Only executed by start.py in case
 of TLS_FLAVOR=[mail, cert]
 """
 
-from os.path import exists, split as path_split
-from os import system
+from os.path import exists, split as path_split, join as path_join
+from os import system, getenv
 import time
 from watchdog.observers.polling import PollingObserver
 from watchdog.events import FileSystemEventHandler, FileDeletedEvent, \
@@ -14,6 +14,13 @@ from watchdog.events import FileSystemEventHandler, FileDeletedEvent, \
 
 class ChangeHandler(FileSystemEventHandler):
     "watchdog-handler listening on any event, executing the correct configuration/reload steps"
+
+    def __init__(self, cert_path, keypair_path):
+        "Initialize a new changehandler"""
+        super().__init__()
+        self.cert_path = cert_path
+        self.keypair_path = keypair_path
+
     @staticmethod
     def reload_nginx():
         "merely reload nginx without re-configuring everything"
@@ -32,11 +39,11 @@ class ChangeHandler(FileSystemEventHandler):
         if event.is_directory:
             return
 
-        filename = path_split(event.src_path)[-1]
+        filename = event.src_path
         if isinstance(event, FileMovedEvent):
-            filename = path_split(event.dest_path)[-1]
+            filename = event.dest_path
 
-        if filename in ['cert.pem', 'key.pem']:
+        if filename in [self.cert_path, self.keypair_path]:
             # all cases except for FileModified need re-configure
             if isinstance(event, (FileCreatedEvent, FileMovedEvent, FileDeletedEvent)):
                 ChangeHandler.reexec_config()
@@ -44,14 +51,21 @@ class ChangeHandler(FileSystemEventHandler):
             elif isinstance(event, FileModifiedEvent):
                 ChangeHandler.reload_nginx()
         # cert files have been moved away, re-configure
-        elif isinstance(event, FileMovedEvent) and path_split(event.src_path)[-1] in ['cert.pem', 'key.pem']:
+        elif isinstance(event, FileMovedEvent) and event.src_path in [self.cert_path, self.keypair_path]:
             ChangeHandler.reexec_config()
 
 
 if __name__ == '__main__':
+    cert_path = path_join("/certs/", getenv("TLS_CERT_FILENAME", default="cert.pem"))
+    cert_dir = path_split(cert_path)[0]
+    keypair_path = path_join("/certs/", getenv("TLS_KEYPAIR_FILENAME", default="key.pem"))
+    keypair_dir = path_split(keypair_path)[0]
+
     observer = PollingObserver()
-    handler = ChangeHandler()
-    observer.schedule(handler, "/certs", recursive=False)
+    handler = ChangeHandler(cert_path, keypair_path)
+    observer.schedule(handler, cert_dir, recursive=False)
+    if keypair_dir != cert_dir:
+       observer.schedule(handler, keypair_dir, recursive=False)
     observer.start()
 
     try: