diff --git a/Dockerfile b/Dockerfile
index 9be5cf5..0f474a7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -33,7 +33,9 @@ ENV \
     LDAP_DEFAULT_PASS_SCHEME=CRYPT \
     ANTISPAM_ENABLE=yes \
     IMAP_URLAUTH_HOST="*" \
-    SSL_CLIENT_CA_DIR="/etc/ssl/certs"
+    SSL_CLIENT_CA_DIR="/etc/ssl/certs" \
+    SSL_CERT="/ssl/cert.pem" \
+    SSL_KEY="/ssl/key.pem"
 
 RUN groupadd -g 5000 vmail && useradd -g vmail -u 5000 vmail -d /vmail \
   && mkdir -p /vmail && chown vmail:vmail /vmail \
diff --git a/confd/templates/10-ssl.conf.tmpl b/confd/templates/10-ssl.conf.tmpl
index 82ed656..586991e 100644
--- a/confd/templates/10-ssl.conf.tmpl
+++ b/confd/templates/10-ssl.conf.tmpl
@@ -9,8 +9,8 @@ ssl = yes
 # dropping root privileges, so keep the key file unreadable by anyone but
 # root. Included doc/mkcert.sh can be used to easily generate self-signed
 # certificate, just make sure to update the domains in dovecot-openssl.cnf
-ssl_cert = </ssl/cert.pem
-ssl_key = </ssl/key.pem
+{{ with getv "/ssl/cert" }}ssl_cert = <{{.}}{{ end }}
+{{ with getv "/ssl/key" }}ssl_key = <{{.}}{{ end }}
 
 # If key file is password protected, give the password here. Alternatively
 # give it when starting dovecot with -p parameter. Since this file is often