diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index 198ac634a..4a85a5dc6 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -1337,6 +1337,9 @@ static int cli_io_handler_commit_cert(struct appctx *appctx)
 					if (ckchi->is_default)
 						new_inst->is_default = 1;
 
+					/* create the link to the crtlist_entry */
+					new_inst->crtlist_entry = ckchi->crtlist_entry;
+
 					/* we need to initialize the SSL_CTX generated */
 					/* this iterate on the newly generated SNIs in the new instance to prepare their SSL_CTX */
 					list_for_each_entry_safe(sc0, sc0s, &new_inst->sni_ctx, by_ckch_inst) {
@@ -1374,6 +1377,12 @@ static int cli_io_handler_commit_cert(struct appctx *appctx)
 					ebpt_insert(&entry->crtlist->entries, &entry->node);
 				}
 
+				/* insert the new ckch_insts in the crtlist_entry */
+				list_for_each_entry(ckchi, &new_ckchs->ckch_inst, by_ckchs) {
+					if (ckchi->crtlist_entry)
+						LIST_ADD(&ckchi->crtlist_entry->ckch_inst, &ckchi->by_crtlist_entry);
+				}
+
 				/* First, we insert every new SNIs in the trees, also replace the default_ctx */
 				list_for_each_entry_safe(ckchi, ckchis, &new_ckchs->ckch_inst, by_ckchs) {
 					HA_RWLOCK_WRLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);