diff --git a/BTCPayServer/Configuration/ConfigurationExtensions.cs b/BTCPayServer/Configuration/ConfigurationExtensions.cs
index 528c63d73..f7c033ce4 100644
--- a/BTCPayServer/Configuration/ConfigurationExtensions.cs
+++ b/BTCPayServer/Configuration/ConfigurationExtensions.cs
@@ -37,6 +37,8 @@ namespace BTCPayServer.Configuration
                 }
             else if (typeof(T) == typeof(string))
                 return (T)(object)str;
+            else if (typeof(T) == typeof(IPAddress))
+                return (T)(object)IPAddress.Parse(str);
             else if (typeof(T) == typeof(IPEndPoint))
             {
                 var separator = str.LastIndexOf(":", StringComparison.InvariantCulture);
diff --git a/BTCPayServer/Configuration/DefaultConfiguration.cs b/BTCPayServer/Configuration/DefaultConfiguration.cs
index 05de6d0d3..a59d513f5 100644
--- a/BTCPayServer/Configuration/DefaultConfiguration.cs
+++ b/BTCPayServer/Configuration/DefaultConfiguration.cs
@@ -106,6 +106,8 @@ namespace BTCPayServer.Configuration
             builder.AppendLine("### Server settings ###");
             builder.AppendLine("#port=" + defaultSettings.DefaultPort);
             builder.AppendLine("#bind=127.0.0.1");
+            builder.AppendLine("#httpscertificatefilepath=devtest.pfx");
+            builder.AppendLine("#httpscertificatefilepassword=toto");
             builder.AppendLine();
             builder.AppendLine("### Database ###");
             builder.AppendLine("#postgres=User ID=root;Password=myPassword;Host=localhost;Port=5432;Database=myDataBase;");
diff --git a/BTCPayServer/Hosting/Startup.cs b/BTCPayServer/Hosting/Startup.cs
index 2e4d4628a..f3201880b 100644
--- a/BTCPayServer/Hosting/Startup.cs
+++ b/BTCPayServer/Hosting/Startup.cs
@@ -119,14 +119,29 @@ namespace BTCPayServer.Hosting
                 });
             });
 
-            // Needed to debug U2F for ledger support
-            //services.Configure<KestrelServerOptions>(kestrel =>
-            //{
-            //    kestrel.Listen(IPAddress.Loopback, 5012, l =>
-            //    {
-            //        l.UseHttps("devtest.pfx", "toto");
-            //    });
-            //});
+            // If the HTTPS certificate path is not set this logic will NOT be used and the default Kestrel binding logic will be.
+            string httpsCertificateFilePath = Configuration.GetOrDefault<string>("HttpsCertificateFilePath", null);
+
+            if (!String.IsNullOrEmpty(httpsCertificateFilePath))
+            {
+                var bindAddress = Configuration.GetOrDefault<IPAddress>("bind", IPAddress.Any);
+                int bindPort = Configuration.GetOrDefault<int>("port", 443);
+
+                services.Configure<KestrelServerOptions>(kestrel =>
+                {
+                    if (!File.Exists(httpsCertificateFilePath))
+                    {
+                        // Note that by design this is a fatal error condition that will cause the process to exit.
+                        throw new ConfigException($"The https certificate file could not be found at {httpsCertificateFilePath}.");
+                    }
+
+                    Logs.Configuration.LogInformation($"Https certificate file path {httpsCertificateFilePath}.");
+                    kestrel.Listen(bindAddress, bindPort, l =>
+                    {
+                        l.UseHttps(httpsCertificateFilePath, Configuration.GetOrDefault<string>("HttpsCertificateFilePassword", null));
+                    });
+                });
+            }
         }
 
         public void Configure(