diff --git a/Dockerfile b/Dockerfile
index 149fb90..8519277 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,6 +6,8 @@ RUN apt-get update \
 && apt-get install -y -q --no-install-recommends \
 ca-certificates \
 wget \
+ vim \
+ net-tools \
 && apt-get clean \
 && rm -r /var/lib/apt/lists/*
diff --git a/nginx.tmpl b/nginx.tmpl
index 21db73b..77195ea 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -95,14 +95,27 @@ server {
 }
 # Default server if unknown domain
+{{/* Get the first matching cert, any cert */}}
+{{ $anyCert := (first (dir "/etc/nginx/certs"))}}
+{{ $anyCert := trimSuffix ".crt" $anyCert }}
+{{ $anyCert := trimSuffix ".key" $anyCert }}
+
+{{ $cert_exists := (and (ne $anyCert "") (exists (printf "/etc/nginx/certs/%s.crt" $anyCert)) (exists (printf "/etc/nginx/certs/%s.key" $anyCert))) }}
+
+{{ if $cert_exists }}
 server {
- listen 80;
+ listen 443 ssl http2;
 {{ if $enable_ipv6 }}
- listen [::]:80;
+ listen [::]:443 ssl http2;
 {{ end }}
 access_log /var/log/nginx/access.log vhost;
 return 503;
+
+ ssl_session_tickets off;
+ ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $anyCert) }};
+ ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $anyCert) }};
 }
+{{ end }}
 {{ if (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
 server {
@@ -206,19 +219,6 @@ upstream {{ $upstream_name }} {
 {{ $is_https := (and (ne $https_method "nohttps") (ne $cert "") (exists (printf "/etc/nginx/certs/%s.crt" $cert)) (exists (printf "/etc/nginx/certs/%s.key" $cert))) }}
 {{ if $is_https }}
-# Default server if unknown domain
-server {
- listen 443 ssl http2;
- {{ if $enable_ipv6 }}
- listen [::]:443 ssl http2;
- {{ end }}
- access_log /var/log/nginx/access.log vhost;
- return 503;
-
- ssl_session_tickets off;
- ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }};
- ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};
-}
 {{ if eq $https_method "redirect" }}
 server {
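Review bot: `vim` and `net-tools` are interactive troubleshooting tools added to the runtime image with no stated need; neither is used by the build or by nginx at run time, and they enlarge the image and its installed package set (vim in particular brings its own dependency chain). If they are only for ad-hoc debugging, drop them from this layer, or document why they must ship, e.g. `# vim/net-tools: interactive debugging only — consider a separate debug image`. The enclosing RUN instruction starts before the hunk (`RUN apt-get update \` is only the header context).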
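Review bot: The plain-HTTP catch-all is dropped rather than moved: replacing `listen 80;` and `listen [::]:80;` turns the existing unconditional default server into a TLS-only one behind `{{ if $cert_exists }}`, and nothing in this hunk or the next emits a port-80 server that returns 503, so a request for an unknown Host on port 80 will be answered by whichever vhost nginx takes as its implicit default (the first `listen 80` server in file order) unless the `default.crt` block that begins at the end of the hunk also listens on 80. Keep the HTTP default server unconditionally, outside the new guard, as in the excerpt below. Separately, `first (dir "/etc/nginx/certs")` picks whatever entry sorts first in the directory, which need not be a certificate; when it has no matching `.crt`/`.key` pair, `$cert_exists` is false and no TLS catch-all is emitted at all, so the selection would be more robust if it only considered entries ending in `.crt`, and a note on the `{{/* Get the first matching cert, any cert */}}` line that the choice is directory-order dependent would help the next reader. The template section continues past the hunk.
```nginx
# Default server if unknown domain
server {
	listen 80;
	{{ if $enable_ipv6 }}
	listen [::]:80;
	{{ end }}
	access_log /var/log/nginx/access.log vhost;
	return 503;
}
# … unchanged: $anyCert selection and the {{ if $cert_exists }} 443 server …
```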