diff --git a/core/nginx/config.py b/core/nginx/config.py
index aca27380..d4b29fb1 100755
--- a/core/nginx/config.py
+++ b/core/nginx/config.py
@@ -22,11 +22,13 @@ if "HOST_ANTISPAM" not in args:
     args["HOST_ANTISPAM"] = "antispam:11334"
 
 # TLS configuration
+cert_name = os.getenv("TLS_CERT_FILENAME", default="cert.pem")
+keypair_name = os.getenv("TLS_KEYPAIR_FILENAME", default="key.pem")
 args["TLS"] = {
-    "cert": ("/certs/cert.pem", "/certs/key.pem"),
+    "cert": ("/certs/%s" % cert_name, "/certs/%s" % keypair_name),
     "letsencrypt": ("/certs/letsencrypt/live/mailu/fullchain.pem",
         "/certs/letsencrypt/live/mailu/privkey.pem"),
-    "mail": ("/certs/cert.pem", "/certs/key.pem"),
+    "mail": ("/certs/%s" % cert_name, "/certs/%s" % keypair_name),
     "mail-letsencrypt": ("/certs/letsencrypt/live/mailu/fullchain.pem",
         "/certs/letsencrypt/live/mailu/privkey.pem"),
     "notls": None
diff --git a/docs/compose/setup.rst b/docs/compose/setup.rst
index ce108f3d..64e2fa22 100644
--- a/docs/compose/setup.rst
+++ b/docs/compose/setup.rst
@@ -107,10 +107,11 @@ Finish setting up TLS
 Mailu relies heavily on TLS and must have a key pair and a certificate
 available, at least for the hostname configured in the ``.env`` file.
 
-If you set ``TLS_FLAVOR`` to ``cert`` or if then you must create a ``certs`` directory
+If you set ``TLS_FLAVOR`` to ``cert`` or ``mail`` then you must create a ``certs`` directory
 in your root path and setup a key-certificate pair there:
-- ``cert.pem`` contains the certificate,
-- ``key.pem`` contains the key pair.
+
+- ``cert.pem`` contains the certificate (override with ``TLS_CERT_FILENAME``),
+- ``key.pem`` contains the key pair (override with ``TLS_KEYPAIR_FILENAME``).
 
 Start Mailu
 -----------