diff --git a/app.go b/app.go
index 518bb397..1abad8c5 100644
--- a/app.go
+++ b/app.go
@@ -183,7 +183,9 @@ func run(args options) {
 				log.Fatal(data.WarningValidation)
 				os.Exit(1)
 			}
+			config.Lock()
 			config.TLS = data // update warnings
+			config.Unlock()
 
 			// prepare certs for HTTPS server
 			// important -- they have to be copies, otherwise changing the contents in config.TLS will break encryption for in-flight requests
diff --git a/control.go b/control.go
index 8c2fa789..edc2647a 100644
--- a/control.go
+++ b/control.go
@@ -1105,10 +1105,12 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
 	if restartHTTPS {
 		go func() {
 			time.Sleep(time.Second) // TODO: could not find a way to reliably know that data was fully sent to client by https server, so we wait a bit to let response through before closing the server
+			httpsServer.cond.L.Lock()
 			httpsServer.cond.Broadcast()
 			if httpsServer.server != nil {
 				httpsServer.server.Shutdown(context.TODO())
 			}
+			httpsServer.cond.L.Unlock()
 		}()
 	}
 }