diff --git a/confd/templates/haproxy.cfg.tmpl b/confd/templates/haproxy.cfg.tmpl
index d2d2979bfcd9b0262057f3ff28f42c6ef0686eee..667031971465c84e247cbba4b5f2959e4a2d76e3 100644
--- a/confd/templates/haproxy.cfg.tmpl
+++ b/confd/templates/haproxy.cfg.tmpl
@@ -1,9 +1,3 @@
-{{$default_service_value := getv "/services/default"}}
-{{$default_service := json $default_service_value}}
-{{$default_url := printf "/services/%s/%s" $default_service.app $default_service.hostname}}
-{{$default_value := getv $default_url}}
-{{$default := json $default_value}}
-{{$default := json $default_value}}
 global
   maxconn 4096
   user haproxy
@@ -22,7 +16,7 @@ defaults
 
 frontend https-in
 mode http
-  bind *:443 ssl crt-list /etc/haproxy/crt-list crt /etc/haproxy/approved-certs/{{$default_service.hostname}}.pem
+  bind *:443 ssl crt-list /etc/haproxy/crt-list crt /etc/haproxy/approved-certs/default.pem
   reqadd X-Forwarded-Proto:\ https
 {{range $app := lsdir "/services"}}
 {{$hostnames := printf "/services/%s/*" $app}}
@@ -36,8 +30,6 @@ mode http
   {{end}}
 {{end}}
 
-default_backend {{$default_service.hostname}}
-
 frontend http-in
   bind *:80
 {{range $app := lsdir "/services"}}
diff --git a/scripts/setup.sh b/scripts/setup.sh
index b4c6fb10a907c7361db1a74e28403d1f86ef3bcf..d2d0c5ad3a8429089e59f46bd6c507b098b6a76b 100755
--- a/scripts/setup.sh
+++ b/scripts/setup.sh
@@ -26,6 +26,7 @@ systemctl daemon-reload
 
 # Configure and start HAproxy
 mkdir -p /data/runtime/haproxy/approved-certs
+cp /data/indiehosters/scripts/unsecure-certs/indiehosters.dev.pem /data/runtime/haproxy/approved-certs/default.pem
 systemctl enable haproxy-confd.service
 systemctl start  haproxy-confd.service
 systemctl enable haproxy.path