diff --git a/syncplay/protocols.py b/syncplay/protocols.py
index 78d6add..9669261 100755
--- a/syncplay/protocols.py
+++ b/syncplay/protocols.py
@@ -2,6 +2,7 @@
 import json
 import time
 from functools import wraps
+from os.path import getmtime
 from twisted.protocols.basic import LineReceiver
 from twisted.internet.interfaces import IHandshakeListener
@@ -669,7 +670,9 @@ class SyncServerProtocol(JSONCommandProtocol):
     def handleTLS(self, message):
         inquiry = message["startTLS"] if "startTLS" in message else None
         if "send" in inquiry:
-            if not self.isLogged() and self._factory.options is not None:
+            if not self.isLogged() and self._factory.serverAcceptsTLS and self._factory.options is not None:
+                if self._factory.checkLastEditCertTime() > self.lastEditCertTime:
+                    self._factory.updateTLSContextFactory()
                 self.sendTLS({"startTLS": "true"})
                 self.transport.startTLS(self._factory.options)
             else:
diff --git a/syncplay/server.py b/syncplay/server.py
index 3a9612c..e7570da 100755
--- a/syncplay/server.py
+++ b/syncplay/server.py
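Review bot: `from os.path import getmtime` is added to protocols.py but nothing in this file's hunks uses it — handleTLS calls `self._factory.checkLastEditCertTime()`, and the only getmtime calls are in server.py via `os.path.getmtime`. Unless a use exists outside the shown hunks, this looks like a leftover from an earlier revision and the line should be dropped so the import block does not advertise a dependency the module has no use for.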
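Review bot: The added comparison reads `self.lastEditCertTime` on the protocol instance, while the timestamp the reload logic records lives on the factory (server.py writes `self.lastEditCertTime` inside SyncFactory); unless SyncServerProtocol sets that attribute somewhere outside the hunk, the first `startTLS` request raises AttributeError, and if it does, every connection compares against its own frozen copy instead of the shared one — `self._factory.lastEditCertTime` is the value meant here. The branch also keeps going after `updateTLSContextFactory()` even though that call can set `self._factory.options` to None (server.py's helper returns None on any load error), so the client is told `{"startTLS": "true"}` and `self.transport.startTLS(None)` is attempted; re-evaluate the readiness condition after the reload, as below. The `else:` body and the rest of handleTLS lie outside the hunk.
```python
        if "send" in inquiry:
            tlsReady = not self.isLogged() and self._factory.serverAcceptsTLS and self._factory.options is not None
            if tlsReady and self._factory.checkLastEditCertTime() > self._factory.lastEditCertTime:
                self._factory.updateTLSContextFactory()
                # A failed reload leaves options as None; do not promise TLS in that case
                tlsReady = self._factory.options is not None
            if tlsReady:
                self.sendTLS({"startTLS": "true"})
                self.transport.startTLS(self._factory.options)
            else:
                # … unchanged: existing refusal branch …
```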
@@ -208,28 +208,46 @@ class SyncFactory(Factory):
             watcher.setPlaylistIndex(room.getName(), room.getPlaylistIndex())
     def _allowTLSconnections(self, path):
+        self.options = self._createTLSContextFactory(path)
+        if self.options is not None:
+            self.serverAcceptsTLS = True
+        else:
+            self.serverAcceptsTLS = False
+            self.lastEditCertTime = None
+            print("TLS support is not enabled.")
+
+    def _createTLSContextFactory(self, path):
         try:
             privKey = open(path+'/privkey.pem', 'rt').read()
             certif = open(path+'/cert.pem', 'rt').read()
             chain = open(path+'/chain.pem', 'rt').read()
+            self.lastEditCertTime = os.path.getmtime(path+'/cert.pem')
+
             privKeyPySSL = crypto.load_privatekey(crypto.FILETYPE_PEM, privKey)
             certifPySSL = crypto.load_certificate(crypto.FILETYPE_PEM, certif)
             chainPySSL = [crypto.load_certificate(crypto.FILETYPE_PEM, chain)]
             cipherListString = "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"\
-                "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"\
-                "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"
+                               "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"\
+                               "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"
             accCiphers = ssl.AcceptableCiphers.fromOpenSSLCipherString(cipherListString)
             contextFactory = ssl.CertificateOptions(privateKey=privKeyPySSL, certificate=certifPySSL, extraCertChain=chainPySSL, acceptableCiphers=accCiphers, raiseMinimumTo=ssl.TLSVersion.TLSv1_2)
-            self.options = contextFactory
         except Exception as e:
-            self.options = None
             print(e)
-            print("TLS support is not enabled.")
+            contextFactory = None
+
+        return contextFactory
+
+    def checkLastEditCertTime(self):
+        return os.path.getmtime(self.certPath+'/cert.pem')
+
+    def updateTLSContextFactory(self):
+        self.options = self._createTLSContextFactory(self.certPath)
+
 class StatsRecorder(object):
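Review bot: `updateTLSContextFactory` assigns the helper's return value straight into `self.options`, and `_createTLSContextFactory` records `self.lastEditCertTime` before the PEM files have parsed, so a cert.pem caught mid-renewal (truncated, or key and cert briefly mismatched) silently replaces a working TLS context with None while `serverAcceptsTLS` stays True and the already-bumped mtime stops the reload from being retried until the file changes again — from then on every handshake attempt on the protocols.py side runs with `options` None. Keep the previous context on failure, record the mtime only for a context that actually loaded, and let `checkLastEditCertTime` tolerate a file that is briefly absent during an atomic replace by returning the last known timestamp, as below. `self.certPath`, read by both new methods, is never assigned in this hunk — `_allowTLSconnections` receives `path` but does not store it — so unless `__init__` (outside the hunk) sets it, the first reload check raises AttributeError; `self.certPath = path` at the top of `_allowTLSconnections` closes that. The broad `except Exception` with `print(e)` is pre-existing and left as is.
```python
    def _allowTLSconnections(self, path):
        self.certPath = path
        # … unchanged: build the context, set serverAcceptsTLS …

    def _createTLSContextFactory(self, path):
        try:
            # … unchanged: read privkey/cert/chain …
            certMTime = os.path.getmtime(path+'/cert.pem')
            # … unchanged: crypto.load_*, cipher list, ssl.CertificateOptions …
        except Exception as e:
            print(e)
            return None
        # Record the mtime only for a context that actually loaded, so a
        # half-written cert.pem is retried on the next handshake.
        self.lastEditCertTime = certMTime
        return contextFactory

    def checkLastEditCertTime(self):
        try:
            return os.path.getmtime(self.certPath+'/cert.pem')
        except OSError:
            # cert.pem may be missing for an instant during an atomic rename
            return self.lastEditCertTime

    def updateTLSContextFactory(self):
        newOptions = self._createTLSContextFactory(self.certPath)
        if newOptions is not None:
            # Keep serving with the old context rather than dropping TLS
            self.options = newOptions
```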