diff --git a/proxy/README.md b/proxy/README.md
index 07c55c06b..fcb6d1c69 100644
--- a/proxy/README.md
+++ b/proxy/README.md
@@ -18,8 +18,9 @@ be set to avoid hitting rate limits.
 Importantly, port 80 on the host must be forwarded to port 8001 on which caddy will answer the ACME-challenge during certificate retrieval.
-Alternatively a locally generated certificate can be used by executing
-`make-localhost-cert.sh` before building the docker image (!) and setting
-`ENABLE_LOCAL_HTTPS=1`. This is mostly for dev setup purposes and is not useful
-for a public domain as the cert is not issued by a trusted CA and therefore
-not trusted by browsers. If set, this overrules `ENABLE_AUTO_HTTPS`.
+Alternatively a locally generated certificate can be used by setting
+`ENABLE_LOCAL_HTTPS=1 HTTPS_CERT_FILE=path/to/crt HTTPS_CERT_FILE=path/to/key`
+and providing cert and key files at the specified location. This is mostly for
+dev and testing setups and is not useful for a public domain as the cert is not
+issued by a trusted CA and therefore not trusted by browsers. If set, this
+overrules `ENABLE_AUTO_HTTPS`.
diff --git a/proxy/entrypoint b/proxy/entrypoint
index f07586092..55ec66ee2 100755
--- a/proxy/entrypoint
+++ b/proxy/entrypoint
@@ -4,6 +4,8 @@ set -e
 config=/etc/caddy/config.json
 base=/caddy_base.json
+HTTPS_CERT_FILE="${HTTPS_CERT_FILE:-/certs/cert.pem}"
+HTTPS_KEY_FILE="${HTTPS_KEY_FILE:-/certs/key.pem}"
 # set defaults in base
 ACTION_HOST="${ACTION_HOST:-backend}"
 ACTION_PORT="${ACTION_PORT:-9002}" \
@@ -23,12 +25,12 @@ jq_write() {
 ### HTTPS ###
 if [ -n "$ENABLE_LOCAL_HTTPS" ]; then
- [ -f /certs/cert.pem ] && [ -f /certs/key.pem ] || {
+ [ -f "$HTTPS_CERT_FILE" ] && [ -f "$HTTPS_KEY_FILE" ] || {
 echo "ERROR: no local cert-files provided. Did you run make-localhost-cert.sh?"
 exit 1
 }
 jq_write ".apps.http.servers.srv0.tls_connection_policies = [{ certificate_selection: { any_tag: [ \"cert0\" ] }}]"
- jq_write ".apps.tls = { certificates: { load_files: [{ certificate: \"/certs/cert.pem\", key: \"/certs/key.pem\", tags: [ \"cert0\" ] }] }}"
+ jq_write ".apps.tls = { certificates: { load_files: [{ certificate: \"$HTTPS_CERT_FILE\", key: \"$HTTPS_KEY_FILE\", tags: [ \"cert0\" ] }] }}"
 else
 if [ -n "$ENABLE_AUTO_HTTPS" ]; then
 if [ -n "$EXTERNAL_ADDRESS" ]; then
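Review bot: The changed `jq_write` line splices `$HTTPS_CERT_FILE` and `$HTTPS_KEY_FILE` directly into a jq program inside a `\"...\"` string literal, so a path containing a double quote or a backslash yields a malformed filter, or a different path in the generated config, rather than a clear error; passing them as jq variables avoids this, e.g. `jq_write --arg c "$HTTPS_CERT_FILE" --arg k "$HTTPS_KEY_FILE" '.apps.tls = { certificates: { load_files: [{ certificate: $c, key: $k, tags: ["cert0"] }] }}'`, assuming `jq_write` (defined outside this hunk) forwards extra arguments to jq. The existence check on the first changed line still reports "Did you run make-localhost-cert.sh?", which no longer fits an operator who pointed the new variables at their own files; printing the paths that were actually checked, e.g. `echo "ERROR: local cert/key not found at $HTTPS_CERT_FILE / $HTTPS_KEY_FILE" >&2`, makes a mistyped path visible immediately. Using `[ -r ]` instead of `[ -f ]` there would also catch a key file that exists but is unreadable by the process, which presumably only surfaces later when caddy loads the certificate. Related, the README hunk in this commit names `HTTPS_CERT_FILE` twice in its example; the second should be `HTTPS_KEY_FILE`, otherwise a user following it silently keeps the `/certs/key.pem` default set earlier in this file.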