diff --git a/doc/configuration.txt b/doc/configuration.txt
index 583df4773..e1ae117b0 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -14435,7 +14435,8 @@ check transport layer. This means TCP by default, or SSL/TLS when "ssl" or "check-ssl" are set, both possibly combined with connection prefixes such as a PROXY protocol header when "send-proxy" or "check-send-proxy" are - set. + set. This behavior is slightly different for dynamic servers, read the + following paragraphs for more details. - when set and an application-level health check is defined, the application-level exchanges are performed on top of the configured transport layer and the server is considered available if all of the
@@ -14449,6 +14450,11 @@ check parameters are not reused. One must explicitly set "check-send-proxy" to send connection headers, "check-ssl" to use SSL/TLS. + Note that the implicit configuration of ssl and PROXY protocol is not + performed for dynamic servers. In this case, it is required to explicitely + use "check-ssl" and "check-send-proxy" when wanted, even if the check port is + not overridden. + When "sni" or "alpn" are set on the server line, their value is not used for health checks and one must use "check-sni" or "check-alpn".
diff --git a/src/check.c b/src/check.c
index 413ef3fda..da2deab37 100644
--- a/src/check.c
+++ b/src/check.c
@@ -1566,22 +1566,33 @@ int init_srv_check(struct server *srv)
 check_type = srv->check.tcpcheck_rules->flags & TCPCHK_RULES_PROTO_CHK;
- /* If neither a port nor an addr was specified and no check transport
- * layer is forced, then the transport layer used by the checks is the
- * same as for the production traffic. Otherwise we use raw_sock by
- * default, unless one is specified.
- */
- if (!srv->check.port && !is_addr(&srv->check.addr)) {
- if (!srv->check.use_ssl && srv->use_ssl != -1) {
- srv->check.use_ssl = srv->use_ssl;
- srv->check.xprt = srv->xprt;
+ if (!(srv->flags & SRV_F_DYNAMIC)) {
+ /* If neither a port nor an addr was specified and no check
+ * transport layer is forced, then the transport layer used by
+ * the checks is the same as for the production traffic.
+ * Otherwise we use raw_sock by default, unless one is
+ * specified.
+ */
+ if (!srv->check.port && !is_addr(&srv->check.addr)) {
+ if (!srv->check.use_ssl && srv->use_ssl != -1) {
+ srv->check.use_ssl = srv->use_ssl;
+ srv->check.xprt = srv->xprt;
+ }
+ else if (srv->check.use_ssl == 1)
+ srv->check.xprt = xprt_get(XPRT_SSL);
+ srv->check.send_proxy |= (srv->pp_opts);
 }
 else if (srv->check.use_ssl == 1)
 srv->check.xprt = xprt_get(XPRT_SSL);
- srv->check.send_proxy |= (srv->pp_opts);
 }
- else if (srv->check.use_ssl == 1)
- srv->check.xprt = xprt_get(XPRT_SSL);
+ else {
+ /* For dynamic servers, check-ssl and check-send-proxy must be
+ * explicitely defined even if the check port was not
+ * overridden.
+ */
+ if (srv->check.use_ssl == 1)
+ srv->check.xprt = xprt_get(XPRT_SSL);
+ }
 /* Inherit the mux protocol from the server if not already defined for
 * the check
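Review bot: In the new `else` branch for dynamic servers, a server whose production traffic uses SSL or a PROXY header but which was added without `check-ssl`/`check-send-proxy` silently gets plaintext, header-less health checks, and nothing in the branch reports the mismatch. Check payloads would then cross the network unencrypted while the operator may assume they follow the server's transport, so consider emitting a diagnostic there, guarded by something like `if (srv->use_ssl == 1 && !srv->check.use_ssl)` and `if (srv->pp_opts && !srv->check.send_proxy)` (presumably 0 means "unset" for both check fields, as the inheritance test above suggests; confirm). The comment in that branch should also read "explicitly" rather than "explicitely". init_srv_check() begins and continues outside this hunk, so whether a later step already warns cannot be seen from here.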