diff --git a/Caddyfile.template b/Caddyfile.template
index 09093f7..f4e3c6b 100644
--- a/Caddyfile.template
+++ b/Caddyfile.template
@@ -1,7 +1,3 @@
-{
-       EXTRA
-}
-
 DASH_IP.roboscapeonlineservers.netsblox.org {
         EXTRA
         reverse_proxy :15000
diff --git a/Dockerfile-caddy b/Dockerfile-caddy
index b979ec7..acb62d0 100644
--- a/Dockerfile-caddy
+++ b/Dockerfile-caddy
@@ -1,6 +1,6 @@
 FROM caddy:2-alpine
 
-RUN apk add --no-cache curl
+RUN apk add --no-cache curl nss-tools openssl
 
 COPY update_caddyfile.sh .
 COPY Caddyfile.template .
diff --git a/update_caddyfile.sh b/update_caddyfile.sh
index 101c361..97e512f 100755
--- a/update_caddyfile.sh
+++ b/update_caddyfile.sh
@@ -1,3 +1,5 @@
+echo "Updating Caddyfile"
+
 # Get the current IP address in the DASH_IP format
 DASH_IP="`curl -s http://checkip.amazonaws.com | tr . -`"
 
@@ -13,8 +15,15 @@ if [[ -n "$CERT" && -n "$KEY" ]]; then
   echo "$CERT" | base64 -d > cert.pem
   echo "$KEY" | base64 -d > key.pem
 
-  # Replace the placeholder with TLS configuration
-  sed -i -e "s/EXTRA/tls cert.pem key.pem/" Caddyfile
+  # Verify the certificate is still valid
+  EXPIRY_DATE=`openssl x509 -enddate -noout -in cert.pem | cut -d= -f2 | sed 's/ GMT//g'`
+  if [[ `date -d "$EXPIRY_DATE" +%s` -lt `date +%s` ]]; then
+    echo "Certificate has expired"
+    sed -i -e "s/EXTRA//" Caddyfile
+  else
+    # Replace the placeholder with TLS configuration
+    sed -i -e "s/EXTRA/tls cert.pem key.pem/" Caddyfile
+  fi
 else
   # Replace the placeholder with no TLS configuration
   sed -i -e "s/EXTRA//" Caddyfile