diff --git a/docker/imap/Dockerfile b/docker/imap/Dockerfile
index 3b124955..efc52959 100644
--- a/docker/imap/Dockerfile
+++ b/docker/imap/Dockerfile
@@ -1,74 +1,75 @@
 FROM apheleia/almalinux9
 WORKDIR /root/
 RUN dnf -y install \
 --setopt 'tsflags=nodocs' \
 git \
 autoconf \
 automake \
 bison \
 cyrus-sasl-devel \
 flex \
 gcc \
 gcc-c++ \
 gperf \
 jansson-devel \
 libbsd-devel \
 libtool \
 libicu-devel \
 libuuid-devel \
 openssl-devel \
 pkgconfig \
 sqlite-devel \
 brotli-devel \
 libzstd-devel \
 libical-devel \
 libxml2-devel \
 libnghttp2-devel \
 shapelib \
 zlib-devel \
 pcre-devel \
 perl-devel \
 cyrus-sasl \
 cyrus-sasl-plain \
 perl-Cyrus \
 rsync && \
 dnf clean all
 ARG GIT_REF=dev/mollekopf
 ARG GIT_REMOTE=https://git.kolab.org/source/cyrus-imapd
 ADD build.sh /build.sh
 RUN /build.sh
 COPY /rootfs /
 VOLUME [ "/var/spool/imap" ]
 VOLUME [ "/var/lib/imap" ]
 RUN id default || (groupadd -g 1001 default && useradd -d /opt/app-root/ -u 1001 -g 1001 default)
 RUN mkdir -p /opt/app-root/src
 RUN PATHS=(/run /run/saslauthd /var/run /var/lib/imap /var/spool/imap /etc/pki/cyrus-imapd /opt/app-root/src) && \
 mkdir -p ${PATHS[@]} && \
 chmod 777 ${PATHS[@]} && \
 chown -R 1001:0 ${PATHS[@]} && \
 chmod -R g=u ${PATHS[@]}
-RUN PATHS=(/etc /etc/passwd /etc/saslauthd.conf /etc/cyrus.conf /etc/imapd.conf) && \
+RUN touch /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem
+RUN PATHS=(/etc /etc/passwd /etc/saslauthd.conf /etc/cyrus.conf /etc/imapd.conf /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem) && \
 chown 1001:0 ${PATHS[@]} && \
 chmod g=u ${PATHS[@]}
 USER 1001
 WORKDIR /opt/app-root/src
 ENV SERVICES_PORT=8000
 ENV IMAPD_CONF=/etc/imapd.conf
 ENV CYRUS_CONF=/etc/cyrus.conf
 # ENV APP_SERVICES_DOMAIN
 CMD ["/init.sh"]
 EXPOSE 11143/tcp 11993/tcp 11080/tcp 11443/tcp 11024/tcp 4190/tcp
diff --git a/docker/imap/rootfs/init.sh b/docker/imap/rootfs/init.sh
index c5d1e97d..ba3351cd 100755
--- a/docker/imap/rootfs/init.sh
+++ b/docker/imap/rootfs/init.sh
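Review bot: The added `RUN touch /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem` in docker/imap/Dockerfile pre-creates the file that init.sh later fills with `${SSL_CERTIFICATE_KEY}`, and nothing restricts its mode. Assuming the default root umask of 022 it is created 0644, and the following `chmod g=u` makes it 0664, so the TLS private key ends up world-readable inside the container; init.sh writes it with `>`, which keeps that mode at runtime. I would set the mode where the file is created, `RUN touch /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem && chmod 0660 /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem`, which the later `chown 1001:0` and `chmod g=u` leave at 0660 and which still works for an arbitrary UID in group 0. Separately, the context `chmod 777` above leaves /etc/pki/cyrus-imapd itself writable by any UID, so the bundle can be replaced; tightening that directory to 770 looks worth a follow-up if nothing else depends on it.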
@@ -1,46 +1,45 @@
 #!/bin/bash
 set -e
 sed -i -r \
 -e "s|IMAP_ADMIN_LOGIN|$IMAP_ADMIN_LOGIN|g" \
 -e "s|IMAP_ADMIN_PASSWORD|$IMAP_ADMIN_PASSWORD|g" \
 $IMAPD_CONF
 sed -i -r \
 -e "s|APP_SERVICES_DOMAIN|$APP_SERVICES_DOMAIN|g" \
 -e "s|SERVICES_PORT|$SERVICES_PORT|g" \
 /etc/saslauthd.conf
 if [[ "$CYRUS_CONF" != "/etc/cyrus.conf" ]]; then
 cp "$CYRUS_CONF" /etc/cyrus.conf
 fi
 if [[ "$IMAPD_CONF" != "/etc/imapd.conf" ]]; then
 cp "$IMAPD_CONF" /etc/imapd.conf
 fi
 mkdir -p /var/lib/imap/socket
 mkdir -p /var/lib/imap/db
 if [[ -f ${SSL_CERTIFICATE} ]]; then
 cat ${SSL_CERTIFICATE} ${SSL_CERTIFICATE_FULLCHAIN} ${SSL_CERTIFICATE_KEY} > /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem
- chown 1001:0 /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem
 fi
 /usr/sbin/saslauthd -m /run/saslauthd -a httpform -d &
 # Can't run as user because of /dev/ permissions so far.
 # Cyrus imap only logs to /dev/log, no way around it it seems.
 # sudo rsyslogd
 # Cyrus needs an entry in /etc/passwd. THe alternative would be perhaps the nss_wrapper
 # https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#openshift-specific-guidelines
 # FIXME: This probably currently just works because we make /etc/ writable, which I suppose we shouldn't.
 ID=$(id -u)
 GID=$(id -g)
 echo "$ID:x:$ID:$GID::/opt/app-root/:/bin/bash" > /etc/passwd
 exec env CYRUS_VERBOSE=1 CYRUS_USER="$ID" /usr/libexec/master -D -p /var/run/master.pid