diff --git a/core/pkg/ingress/controller/launch.go b/core/pkg/ingress/controller/launch.go
index a1f325d4f..738d1792f 100644
--- a/core/pkg/ingress/controller/launch.go
+++ b/core/pkg/ingress/controller/launch.go
@@ -132,6 +132,8 @@ func NewIngressController(backend ingress.Controller) *GenericController {
 	}
 
 	os.MkdirAll(ingress.DefaultSSLDirectory, 0655)
+	// Creates a temp directory for Certificates, as 'rename' functions need to be in the same mount point as the Certificates
+	os.MkdirAll(ingress.TempSSLDirectory, 0655)
 
 	config := &Configuration{
 		UpdateStatus:          *updateStatus,
diff --git a/core/pkg/ingress/types.go b/core/pkg/ingress/types.go
index 4891995e7..75ca65f64 100644
--- a/core/pkg/ingress/types.go
+++ b/core/pkg/ingress/types.go
@@ -36,6 +36,7 @@ var (
 	// The name of each file is <namespace>-<secret name>.pem. The content is the concatenated
 	// certificate and key.
 	DefaultSSLDirectory = "/ingress-controller/ssl"
+	TempSSLDirectory    = "/ingress-controller/ssl/temp"
 )
 
 // Controller holds the methods to handle an Ingress backend
diff --git a/core/pkg/net/ssl/ssl.go b/core/pkg/net/ssl/ssl.go
index 14a6fbef3..b8aef4b5a 100644
--- a/core/pkg/net/ssl/ssl.go
+++ b/core/pkg/net/ssl/ssl.go
@@ -36,7 +36,7 @@ func AddOrUpdateCertAndKey(name string, cert, key, ca []byte) (*ingress.SSLCert,
 	pemName := fmt.Sprintf("%v.pem", name)
 	pemFileName := fmt.Sprintf("%v/%v", ingress.DefaultSSLDirectory, pemName)
 
-	tempPemFile, err := ioutil.TempFile("", pemName)
+	tempPemFile, err := ioutil.TempFile(ingress.TempSSLDirectory, pemName)
 	if err != nil {
 		return nil, fmt.Errorf("could not create temp pem file %v: %v", tempPemFile.Name(), err)
 	}