diff --git a/CHANGELOG.md b/CHANGELOG.md
index f544610..c574f05 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,10 @@ ## Unreleased
+## [4.3.0-1] - 26/11/2018
+### Added
+* Allow to use a pre-existing `server.pem` file mounted into the container to serve the BackupPC UI over https
+
 ## [4.3.0] - 26/11/2018
 ### Changed
 * Update BackupPC to 4.2.0
diff --git a/README.md b/README.md
index 5af26d2..a127444 100644
--- a/README.md
+++ b/README.md
@@ -160,6 +160,8 @@ docker run \ Then you can access the UI through the secured URL https://YOUR_SERVER_IP/. Of course, as the SSL certificate is self-signed, your browser will alert you about this unsecured certificate.
+_NB: You can also use your own SSL certificate: merge together the private key and the certificate into a `server.pem` file (eg. `cat server.key server.crt > server.pem`), and mount `certificate.pem` on the container path `/etc/lighttpd/server.pem` (eg. `--volume /you/path/to/certificate.pem:/etc/lighttpd/server.pem`)._
+
 ### Advanced SSL use
 Instead of providing a very advanced SSL configuration in this Docker, and reinvent the wheel, it is advised to run your backuppc instance without SSL and without exposing the 8080 port, and launch a second container with a secured SSL reverse-proxy pointing to the BackupPC instance.
diff --git a/files/entrypoint.sh b/files/entrypoint.sh
index dc114c1..7e664dd 100755
--- a/files/entrypoint.sh
+++ b/files/entrypoint.sh
@@ -68,17 +68,20 @@ if [ -f /firstrun ]; then
 # Prepare lighttpd
 if [ "$USE_SSL" = true ]; then
- # Generate certificate file as needed
- cd /etc/lighttpd
- openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
- openssl rsa -passin pass:x -in server.pass.key -out server.key
- openssl req -new -key server.key -out server.csr \
- -subj "/C=UK/ST=Warwickshire/L=Leamington/O=OrgName/OU=IT Department/CN=example.com"
- openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
- cat server.key server.crt > server.pem
- chown "$BACKUPPC_USERNAME":"$BACKUPPC_GROUPNAME" server.pem
- chmod 0600 server.pem
- rm -f server.pass.key server.key server.csr server.crt
+ # Do not generate a certificate if user already mapped the file with docker --volume
+ if [ ! -e /etc/lighttpd/server.pem ]; then
+ # Generate certificate file as needed
+ cd /etc/lighttpd
+ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
+ openssl rsa -passin pass:x -in server.pass.key -out server.key
+ openssl req -new -key server.key -out server.csr \
+ -subj "/C=UK/ST=Warwickshire/L=Leamington/O=OrgName/OU=IT Department/CN=example.com"
+ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
+ cat server.key server.crt > server.pem
+ chown "$BACKUPPC_USERNAME":"$BACKUPPC_GROUPNAME" server.pem
+ chmod 0600 server.pem
+ rm -f server.pass.key server.key server.csr server.crt
+ fi
 # Reconfigure lighttpd to use ssl
 echo "ssl.engine = \"enable\"" >> /etc/lighttpd/lighttpd.conf
 echo "ssl.pemfile = \"/etc/lighttpd/server.pem\"" >> /etc/lighttpd/lighttpd.conf
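Review bot: The `-e` test on the new `if [ ! -e /etc/lighttpd/server.pem ]` line skips generation for anything that exists at that path, so an empty file or a directory (what Docker creates when the `--volume` source path is missing on the host) is handed to lighttpd as `ssl.pemfile` unchecked and the UI only fails at the first TLS handshake. A mounted file also bypasses the `chown`/`chmod 0600` that the generated branch applies, so the private key presumably keeps whatever mode the host gave it — worth stating in the comment above the test. I would require a non-empty file and fail fast when the PEM does not parse: `if [ ! -s /etc/lighttpd/server.pem ]; then` … `elif ! openssl x509 -noout -in /etc/lighttpd/server.pem >/dev/null 2>&1; then` `echo "server.pem is not a valid PEM certificate" >&2; exit 1` (the closing `fi` is unchanged). The enclosing `if [ -f /firstrun ]` and `if [ "$USE_SSL" = true ]` blocks begin before and end after this hunk, and the unchecked exit status of the `openssl` steps inside the generation branch is pre-existing.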