diff --git a/nginx/Dockerfile b/nginx/Dockerfile
index df815de8..906f43b9 100644
--- a/nginx/Dockerfile
+++ b/nginx/Dockerfile
@@ -3,3 +3,8 @@ FROM nginx:alpine
 RUN apk add --update nginx-lua && rm -rf /var/cache/apk/*
 
 COPY nginx.conf /etc/nginx/nginx.conf
+COPY nginx.conf.fallback /etc/nginx/nginx.conf.fallback
+
+COPY start.sh /start.sh
+
+CMD ["/start.sh"]
diff --git a/nginx/nginx.conf.fallback b/nginx/nginx.conf.fallback
new file mode 100644
index 00000000..0e12bff7
--- /dev/null
+++ b/nginx/nginx.conf.fallback
@@ -0,0 +1,27 @@
+#  Basic configuration
+user nginx;
+worker_processes  1;
+error_log /dev/stderr info;
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    # Standard HTTP configuration with slight hardening
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+    access_log /dev/stdout;
+    sendfile on;
+    keepalive_timeout  65;
+    server_tokens off;
+
+    server {
+      listen 80;
+
+      location /.well-known/acme-challenge {
+        proxy_pass http://admin:8081;
+      }
+    }
+}
diff --git a/nginx/start.sh b/nginx/start.sh
new file mode 100755
index 00000000..7c17c2be
--- /dev/null
+++ b/nginx/start.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if [[ ! -z ENABLE_CERTBOT && ! -f /certs/cert.pem ]]; then
+  cp /etc/nginx/nginx.conf.fallback /etc/nginx/nginx.conf
+fi
+
+nginx -g 'daemon off;'