diff --git a/backup.sh b/backup.sh
index 9f82bd11..04f693ff 100755
--- a/backup.sh
+++ b/backup.sh
@@ -101,6 +101,11 @@ if grep -q CERT_FILE "$local_settings"; then
     KEY_FILE=$(grep "^KEY_FILE" "$local_settings" | awk -F'[= "]' '{print $5}')
     cp -p $CERT_FILE ${tmp_dir}/certs/custom/cert
     cp -p $KEY_FILE ${tmp_dir}/certs/custom/key
+elif grep -q TRMM_INSECURE "$local_settings"; then
+    mkdir -p ${tmp_dir}/certs/selfsigned
+    certdir='/etc/ssl/tactical'
+    cp -p ${certdir}/key.pem ${tmp_dir}/certs/selfsigned/
+    cp -p ${certdir}/cert.pem ${tmp_dir}/certs/selfsigned/
 fi
 
 for i in rmm frontend meshcentral; do
diff --git a/install.sh b/install.sh
index 624079c2..27aa4efb 100644
--- a/install.sh
+++ b/install.sh
@@ -177,8 +177,8 @@ if [[ "$insecure" = true ]]; then
   sudo mkdir -p $certdir
   sudo chown ${USER}:${USER} $certdir
   sudo chmod 770 $certdir
-  CERT_PRIV_KEY=${certdir}/privkey.pem
-  CERT_PUB_KEY=${certdir}/fullchain.pem
+  CERT_PRIV_KEY=${certdir}/key.pem
+  CERT_PUB_KEY=${certdir}/cert.pem
   openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 \
     -nodes -keyout ${CERT_PRIV_KEY} -out ${CERT_PUB_KEY} -subj "/CN=${rootdomain}" \
     -addext "subjectAltName=DNS:${rootdomain},DNS:*.${rootdomain}"
diff --git a/restore.sh b/restore.sh
index 76983593..d76b5916 100755
--- a/restore.sh
+++ b/restore.sh
@@ -209,7 +209,13 @@ if [ -d "${tmp_dir}/certs/custom" ]; then
 
   cp -p ${tmp_dir}/certs/custom/cert $CERT_FILE
   cp -p ${tmp_dir}/certs/custom/key $KEY_FILE
-
+elif [ -d "${tmp_dir}/certs/selfsigned" ]; then
+  certdir='/etc/ssl/tactical'
+  sudo mkdir -p $certdir
+  sudo chown ${USER}:${USER} $certdir
+  sudo chmod 770 $certdir
+  cp -p ${tmp_dir}/certs/selfsigned/key.pem $certdir
+  cp -p ${tmp_dir}/certs/selfsigned/cert.pem $certdir
 fi
 
 print_green 'Restoring celery configs'