diff --git a/app.go b/app.go
index 800b0a43..6fdc8cf7 100644
--- a/app.go
+++ b/app.go
@@ -179,7 +179,7 @@ func run(args options) {
 address := net.JoinHostPort(config.BindHost, strconv.Itoa(config.TLS.PortHTTPS))
 // validate current TLS config and update warnings (it could have been loaded from file)
 data := validateCertificates(config.TLS)
- if data.WarningValidation != "" {
+ if !data.usable {
 log.Fatal(data.WarningValidation)
 os.Exit(1)
 }
diff --git a/config.go b/config.go
index 13df2174..c1aa2f8d 100644
--- a/config.go
+++ b/config.go
@@ -88,6 +88,9 @@ type tlsConfigStatus struct {
 ValidKey bool `yaml:"-" json:"valid_key"`
 KeyType string `yaml:"-" json:"key_type,omitempty"`
+ // is usable? set by validator
+ usable bool
+ // warnings
 Warning string `yaml:"-" json:"warning,omitempty"`
 WarningValidation string `yaml:"-" json:"warning_validation,omitempty"`
diff --git a/control.go b/control.go
index 26d2d68f..564c735e 100644
--- a/control.go
+++ b/control.go
@@ -1088,7 +1088,7 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
 restartHTTPS := false
 data = validateCertificates(data)
- if data.WarningValidation == "" {
+ if data.usable {
 if !reflect.DeepEqual(config.TLS.tlsConfigSettings, data.tlsConfigSettings) {
 log.Printf("tls config settings have changed, will restart HTTPS server")
 restartHTTPS = true
@@ -1259,6 +1259,7 @@ func validateCertificates(data tlsConfig) tlsConfig {
 data.WarningValidation = fmt.Sprintf("Invalid certificate or key: %s", err)
 return data
 }
+ data.usable = true
 }
 return data
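Review bot: In `run`, the new `if !data.usable` branch can fire while `data.WarningValidation` is empty, because the validator appears to set `usable` only inside a nested block (see the last control.go hunk), so the process would exit with a blank fatal line. Give the operator a reason either way, e.g. `log.Fatalf("TLS configuration is not usable: %q", data.WarningValidation)`. The `os.Exit(1)` after it is unreachable if this `log.Fatal` terminates the process as the standard library's does, and can be dropped. The body of `run` continues outside the hunk.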
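Review bot: The comment on `usable` does not say what the flag promises or who may write it, which matters now that it decides whether HTTPS is started. Suggest `// usable reports whether the certificate chain and private key were accepted as a working pair; set only by validateCertificates`, followed by `// unexported and untagged on purpose: encoding/json and YAML skip it, so it cannot come from a request body or the config file`. The rest of `tlsConfigStatus` lies outside the hunk.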
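Review bot: Gating on `data.usable` instead of an empty `WarningValidation` means a configuration that still carries a validation warning can now be applied and can restart the HTTPS server, and nothing in this hunk records that. If the validator can return `usable` together with a non-empty warning (most of it is outside this diff), log it where the decision is taken, e.g. `if data.WarningValidation != "" { log.Printf("applying TLS config despite validation warning: %s", data.WarningValidation) }`. `handleTLSConfigure` starts and ends outside the hunk.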
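Review bot: `data.usable` is only ever assigned `true` here, and the early `return data` path above leaves it at whatever value the caller passed in. `run` passes `config.TLS`, which may hold the result of an earlier validation, so unless the top of `validateCertificates` (outside this hunk) zeroes the status fields, a stale `true` could let a certificate or key that no longer validates pass the `usable` checks in app.go and `handleTLSConfigure`. Make the function fail closed by adding `data.usable = false` as its first statement, or confirm that the status is reset there.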