diff --git a/debian/debian/preinst b/debian/debian/preinst
new file mode 100644
index 0000000000000..df24f8c64de96
--- /dev/null
+++ b/debian/debian/preinst
@@ -0,0 +1,5 @@
+#!/bin/sh -ex
+
+mkdir -p /var/lib/ssl
+mv /usr/lib/ssl/fipsmodule.cnf /var/lib/ssl/fipsmodule.cnf
+ln -s /var/lib/ssl/fipsmodule.cnf /usr/lib/ssl/fipsmodule.cnf
diff --git a/src/freenas/debian/preinst b/src/freenas/debian/preinst
old mode 100644
new mode 100755
diff --git a/src/middlewared/middlewared/scripts/configure_fips.py b/src/middlewared/middlewared/scripts/configure_fips.py
index 821ef4fbd2ae9..4ae05c4fe2a74 100755
--- a/src/middlewared/middlewared/scripts/configure_fips.py
+++ b/src/middlewared/middlewared/scripts/configure_fips.py
@@ -5,7 +5,6 @@
 import subprocess
 
 from middlewared.utils.db import query_config_table
-from middlewared.utils.rootfs import ReadonlyRootfsManager
 
 FIPS_MODULE_FILE = '/usr/lib/ssl/fipsmodule.cnf'
 
@@ -43,14 +42,12 @@ def main() -> None:
     try:
         security_settings = query_config_table('system_security')
     except (sqlite3.OperationalError, IndexError):
-        # This is for the case when users are upgrading and in that case table will not exist
+        # This is for the case when users are upgrading and in that case table will not exist,
         # so we should always disable fips as a default because users might not be able to ssh
         # into the system
         security_settings = {'enable_fips': False}
 
-    with ReadonlyRootfsManager('/') as readonly_rootfs:
-        readonly_rootfs.make_writeable()
-        configure_fips(security_settings['enable_fips'])
+    configure_fips(security_settings['enable_fips'])
 
 
 if __name__ == '__main__':
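Review bot: The unconditional `mv` in the new preinst is not idempotent and, under `sh -e`, can abort the install or destroy the FIPS config: on a second run `/usr/lib/ssl/fipsmodule.cnf` is already the symlink created by the last line, so `mv` renames that symlink over `/var/lib/ssl/fipsmodule.cnf`, replacing the relocated file with a link that points at itself, and on a host where the file is not present at all `mv` simply fails the maintainer script. Both steps should be gated on the current state of the path (regular file → move it; anything else → leave it), and the relocation should presumably be skipped when `$1` is `abort-upgrade`. Whether a later openssl package update ships a refreshed `fipsmodule.cnf` that this link would then mask is not visible here and is worth confirming, since that file carries the module integrity data the FIPS provider checks at load time.
```shell
#!/bin/sh -ex

mkdir -p /var/lib/ssl
# Relocate only a real file; on re-runs the path is already our symlink and
# mv'ing a symlink over its own target would clobber the relocated config.
if [ -f /usr/lib/ssl/fipsmodule.cnf ] && [ ! -L /usr/lib/ssl/fipsmodule.cnf ]; then
    mv /usr/lib/ssl/fipsmodule.cnf /var/lib/ssl/fipsmodule.cnf
fi
if [ ! -L /usr/lib/ssl/fipsmodule.cnf ]; then
    ln -s /var/lib/ssl/fipsmodule.cnf /usr/lib/ssl/fipsmodule.cnf
fi
```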
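Review bot: With the `ReadonlyRootfsManager` block removed, `configure_fips` now writes `FIPS_MODULE_FILE` (`/usr/lib/ssl/fipsmodule.cnf`) on a root filesystem this script no longer makes writable, so the call at the end of `main` only succeeds if the preinst symlink into `/var/lib/ssl` is in place; when it is not, the write presumably fails with EROFS and the fail-safe intent stated in the except comment (always end up with FIPS disabled so users can still SSH in) is silently not honoured. Check the precondition before writing and fail loudly, e.g. `if not os.path.islink(FIPS_MODULE_FILE): raise SystemExit(f'{FIPS_MODULE_FILE} has not been relocated to /var/lib/ssl; refusing to touch FIPS configuration')` (adding `import os` if the file does not already have it), or point `FIPS_MODULE_FILE` at `/var/lib/ssl/fipsmodule.cnf` directly so the script does not depend on the link. The body of `configure_fips` and the start of `main` are outside the hunk, so how the file is written is inferred rather than seen.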