diff --git a/rootfs/etc/nginx/lua/certificate.lua b/rootfs/etc/nginx/lua/certificate.lua
index e07ebcb08..cf46f92e5 100644
--- a/rootfs/etc/nginx/lua/certificate.lua
+++ b/rootfs/etc/nginx/lua/certificate.lua
@@ -28,7 +28,9 @@ local function set_pem_cert_key(pem_cert_key)
 end
 end
-local function get_pem_cert_key(hostname)
+local function get_pem_cert_key(raw_hostname)
+ local hostname = re_sub(raw_hostname, "\\.$", "", "jo")
+
 local pem_cert_key = configuration.get_pem_cert_key(hostname)
 if pem_cert_key then
 return pem_cert_key
diff --git a/rootfs/etc/nginx/lua/test/certificate_test.lua b/rootfs/etc/nginx/lua/test/certificate_test.lua
index 2de532ad6..e47231655 100644
--- a/rootfs/etc/nginx/lua/test/certificate_test.lua
+++ b/rootfs/etc/nginx/lua/test/certificate_test.lua
@@ -66,6 +66,20 @@ describe("Certificate", function()
 assert_certificate_is_set(EXAMPLE_CERT)
 end)
+ it("sets certificate and key for domain with trailing dot", function()
+ ssl.server_name = function() return "hostname.", nil end
+ ngx.shared.certificate_data:set("hostname", EXAMPLE_CERT)
+
+ assert_certificate_is_set(EXAMPLE_CERT)
+ end)
+
+ it("fallbacks to default certificate and key for domain with many trailing dots", function()
+ ssl.server_name = function() return "hostname..", nil end
+ ngx.shared.certificate_data:set("hostname", EXAMPLE_CERT)
+
+ assert_certificate_is_set(DEFAULT_CERT)
+ end)
+
+ it("sets certificate and key for nested wildcard cert", function()
 ssl.server_name = function() return "sub.nested.hostname", nil end
 ngx.shared.certificate_data:set("*.nested.hostname", EXAMPLE_CERT)
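Review bot: In `get_pem_cert_key` (certificate.lua) only the first return value of `re_sub` is kept, so if the substitution fails or `raw_hostname` is not a usable string, the lookup on the next line runs with an unchecked `hostname`. Assuming `re_sub` is `ngx.re.sub` (its definition is outside the hunk), a failure returns `nil` plus an error string; capture it with `local hostname, _, err = re_sub(raw_hostname, "\\.$", "", "jo")` and return early with a log line when `hostname` is nil. A comment such as `-- strip exactly one trailing dot (absolute FQDN form); "host.." is left as-is and will not match a stored certificate` would record why the pattern is not `\\.+$`. The function body continues outside the hunk, so whether the later lookups use the normalized name cannot be confirmed from here.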
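Review bot: The new cases in certificate_test.lua only exercise exact-match lookups, so nothing pins that a trailing-dot name still resolves through the wildcard path covered by the existing nested-wildcard test. A case sending a trailing-dot server name against a stored wildcard entry would catch a regression where the wildcard key is derived from the raw name instead of the normalized one. The expected result below assumes the wildcard lookup, which is outside this diff, uses the normalized hostname. Separately, the title `"fallbacks to default ..."` would read better as `"falls back to default ..."`. The enclosing `describe` block starts and ends outside the hunk.

```lua
it("sets certificate and key for wildcard cert when domain has trailing dot", function()
  -- constructed sample: same names as the nested wildcard case, plus one trailing dot
  ssl.server_name = function() return "sub.nested.hostname.", nil end
  ngx.shared.certificate_data:set("*.nested.hostname", EXAMPLE_CERT)

  assert_certificate_is_set(EXAMPLE_CERT)
end)
```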