diff --git a/data/hooks/conf_regen/02-ssl b/data/hooks/conf_regen/02-ssl
index f74da20af..1df3a3260 100755
--- a/data/hooks/conf_regen/02-ssl
+++ b/data/hooks/conf_regen/02-ssl
@@ -78,6 +78,9 @@ do_init_regen() {
 ln -sf "$ynh_crt" /etc/ssl/certs/yunohost_crt.pem
 ln -sf "$ynh_key" /etc/ssl/private/yunohost_key.pem
 fi
+
+ chown -R root:ssl-cert /etc/yunohost/certs/yunohost.org/
+ chmod o-rwx /etc/yunohost/certs/yunohost.org/
 }
 do_pre_regen() {
diff --git a/data/hooks/conf_regen/06-slapd b/data/hooks/conf_regen/06-slapd
index 90854b757..4c3c0b8e7 100755
--- a/data/hooks/conf_regen/06-slapd
+++ b/data/hooks/conf_regen/06-slapd
@@ -78,6 +78,8 @@ do_post_regen() {
 # Add openldap user in the ssl-cert group to let it access the certificate for TLS
 sudo usermod -aG ssl-cert openldap
+ chown -R root:ssl-cert /etc/yunohost/certs/yunohost.org/
+ chmod o-rwx /etc/yunohost/certs/yunohost.org/
 [ -z "$regen_conf_files" ] && exit 0
diff --git a/data/templates/slapd/slapd.conf b/data/templates/slapd/slapd.conf
index 3046d9c7f..8b30ab6e5 100644
--- a/data/templates/slapd/slapd.conf
+++ b/data/templates/slapd/slapd.conf
@@ -42,7 +42,7 @@ sizelimit 500
 tool-threads 1
 # TLS Support
-TLSCertificateFile /etc/ssl/private/yunohost_crt.pem
+TLSCertificateFile /etc/ssl/certs/yunohost_crt.pem
 TLSCertificateKeyFile /etc/ssl/private/yunohost_key.pem
 #######################################################################
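Review bot: The added `chmod o-rwx` at the end of do_init_regen is not recursive and never sets the group bits, so after `chown -R root:ssl-cert` the files inside the directory keep whatever mode they already had. Other users are kept out only by the directory's own mode, and ssl-cert members can read the key only if the existing modes happen to allow it. Setting the modes explicitly makes both sides deterministic, e.g. `chmod -R g+rX,o-rwx /etc/yunohost/certs/yunohost.org/`. The same two lines are added to do_post_regen in 06-slapd and have the same gap. do_init_regen starts outside this hunk, so whether the ssl-cert group is guaranteed to exist before the chown runs cannot be checked from here.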
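Review bot: Adding openldap to ssl-cert and re-owning the directory in do_post_regen only helps a slapd process started after the `usermod`, because supplementary groups are read when the process starts. The hook then reaches `[ -z "$regen_conf_files" ] && exit 0`, and whether slapd is restarted on that path is outside the hunk, so it is worth confirming. The existing comment describes only the usermod; above the new lines I would add `# Cert dir: owned by root:ssl-cert and closed to others, so only ssl-cert members can reach the key`. The bare `chown`/`chmod` next to `sudo usermod` is also inconsistent about privilege; one form should be used throughout.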
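Review bot: The new `TLSCertificateFile` path depends on a symlink that may not exist on every host. It matches the `ln -sf "$ynh_crt" /etc/ssl/certs/yunohost_crt.pem` in 02-ssl, but that `ln` sits inside an `if` in do_init_regen whose condition is not visible here. On a host where that branch did not run, slapd would presumably be pointed at a missing file, which is worth confirming. The template would benefit from a comment above the two directives such as `# Both paths are symlinks created by conf_regen/02-ssl; the key is readable through the ssl-cert group`.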