diff --git a/docs/certinstall.rst b/docs/certinstall.rst
index f5b92aeb1..68ad59cc5 100644
--- a/docs/certinstall.rst
+++ b/docs/certinstall.rst
@@ -135,7 +135,7 @@ mitmproxy. Mitmproxy then uses the provided certificate for interception of the
 specified domains instead of generating a certificate signed by its own CA.
 
 The certificate file is expected to be in the PEM format.  You can include
-intermediary certificates right below your leaf certificate, so that you PEM
+intermediary certificates right below your leaf certificate, so that your PEM
 file roughly looks like this:
 
 .. code-block:: none
diff --git a/mitmproxy/protocol/http.py b/mitmproxy/protocol/http.py
index e14879436..d3e3c80f6 100644
--- a/mitmproxy/protocol/http.py
+++ b/mitmproxy/protocol/http.py
@@ -185,8 +185,11 @@ class HttpLayer(base.Layer):
                 return
 
             # update host header in reverse proxy mode
-            if self.mode == "reverse":
-                flow.request.headers["Host"] = self.config.upstream_server.address.host
+            if self.config.options.mode == "reverse":
+                if six.PY2:
+                    flow.request.headers["Host"] = self.config.upstream_server.address.host.encode()
+                else:
+                    flow.request.headers["Host"] = self.config.upstream_server.address.host
 
             # set upstream auth
             if self.mode == "upstream" and self.config.upstream_auth is not None: