diff --git a/doc/deploying-a-server.md b/doc/deploying-a-server.md
index c7daf9e911f5a8ad347bc41a7b21105251c71c83..3b9e86015ef5deac0841a8144c62929fdfee8d4f 100644
--- a/doc/deploying-a-server.md
+++ b/doc/deploying-a-server.md
@@ -37,7 +37,7 @@ Make sure you read [getting started](getting-started-as-a-hoster.md) first.
   * Unless you already have a TLS certificate for example.com, get one
     (from StartSSL or elsewhere), and concatenate the certificate
     and its unencrypted private key into one file.
-  * Make sure the TLS certificate is valid (use `scripts/check-cert.sh` for this), and scp it to `/data/import/example.com/TLS/example.com.pem` on k3.
+  * Make sure the TLS certificate is valid (use `scripts/check-cert.sh` for this), and scp it to `/data/import/example.com.pem` on k3.
   * Now ssh into k3, and if for instance 'wordpress' is the image you chose, run:
 
     systemctl enable wordpress@example.com
diff --git a/unit-files/static-git-importer@.service b/unit-files/static-git-importer@.service
index 5951dbd75b0d12fc8a4497bf1612f2fe5fc62f26..74fbb3b097af18e0ee44cde8650fdb48cd894d2a 100644
--- a/unit-files/static-git-importer@.service
+++ b/unit-files/static-git-importer@.service
@@ -3,6 +3,7 @@ Description=static importer
 
 # Dependency ordering
 Before=static-git@%i.service
+Before=backup@%i.timer
 
 [Service]
 Type=oneshot
@@ -11,6 +12,10 @@ Environment=DOMAIN=%i
 ExecStartPre=/data/indiehosters/scripts/backup-init.sh
 ExecStart=/bin/bash -euxc ' \
   domain_folder=/data/domains/%i; \
+  if [ -f /data/import/%i.pem ]; then \
+    mkdir -p $domain_folder/TLS; \
+    mv /data/import/%i.pem $domain_folder/TLS; \
+  fi; \
   cp $domain_folder/TLS/%i.pem /data/runtime/haproxy/approved-certs/%i.pem; \
   runtime_folder=/data/runtime/domains/%i/static-git; \
   mkdir -p $runtime_folder; \
diff --git a/unit-files/static-importer@.service b/unit-files/static-importer@.service
index ebd5fe2c4c31277ba47c2e215c14f169bab76b7d..d73c59a3f130749a44d74f7da05853ebad8f5a17 100644
--- a/unit-files/static-importer@.service
+++ b/unit-files/static-importer@.service
@@ -3,6 +3,7 @@ Description=static importer
 
 # Dependency ordering
 Before=static@%i.service
+Before=backup@%i.timer
 
 [Service]
 Type=oneshot
@@ -11,6 +12,10 @@ Environment=DOMAIN=%i
 ExecStartPre=/data/indiehosters/scripts/backup-init.sh
 ExecStart=/bin/bash -euxc ' \
   domain_folder=/data/domains/%i; \
+  if [ -f /data/import/%i.pem ]; then \
+    mkdir -p $domain_folder/TLS; \
+    mv /data/import/%i.pem $domain_folder/TLS; \
+  fi; \
   cp $domain_folder/TLS/%i.pem /data/runtime/haproxy/approved-certs/%i.pem; \
   folder=$domain_folder/static/www-content; \
   mkdir -p $folder; \
diff --git a/unit-files/wordpress-importer@.service b/unit-files/wordpress-importer@.service
index 8a47b2e90ca3dd1684241c27f84d39b0e4b901dc..29b38e873d7f31c0193017ab21824d5a3b0a70d4 100644
--- a/unit-files/wordpress-importer@.service
+++ b/unit-files/wordpress-importer@.service
@@ -4,6 +4,7 @@ Description=WordPress importer
 # Dependency ordering
 After=mysql-importer@%i.service
 Before=wordpress@%i.service
+Before=backup@%i.timer
 
 # Dependency binding
 BindsTo=wordpress@%i.service
@@ -15,6 +16,10 @@ Environment=DOMAIN=%i
 ExecStartPre=/data/indiehosters/scripts/backup-init.sh
 ExecStart=/bin/bash -euxc ' \
   domain_folder=/data/domains/%i; \
+  if [ -f /data/import/%i.pem ]; then \
+    mkdir -p $domain_folder/TLS; \
+    mv /data/import/%i.pem $domain_folder/TLS; \
+  fi; \
   cp $domain_folder/TLS/%i.pem /data/runtime/haproxy/approved-certs/%i.pem; \
   if [ ! -d $domain_folder/wordpress/wp-content ]; then \
     mkdir -p $domain_folder/wordpress/; \