diff --git a/rootfs/etc/nginx/lua/certificate.lua b/rootfs/etc/nginx/lua/certificate.lua
index 0816c9e4c..a575d77c5 100644
--- a/rootfs/etc/nginx/lua/certificate.lua
+++ b/rootfs/etc/nginx/lua/certificate.lua
@@ -46,7 +46,10 @@ local function set_der_cert_and_key(der_cert, der_priv_key)
 end
 
 local function get_pem_cert_uid(raw_hostname)
-  local hostname = re_sub(raw_hostname, "\\.$", "", "jo")
+  -- Convert hostname to ASCII lowercase (see RFC 6125 6.4.1) so that requests with uppercase
+  -- host would lead to the right certificate being chosen (controller serves certificates for
+  -- lowercase hostnames as specified in Ingress object's spec.rules.host)
+  local hostname = re_sub(raw_hostname, "\\.$", "", "jo"):gsub("[A-Z]", function(c) return c:lower() end)
 
   local uid = certificate_servers:get(hostname)
   if uid then