diff --git a/.env.example b/.env.example
index fb9eba2506..5f926e9062 100644
--- a/.env.example
+++ b/.env.example
@@ -181,8 +181,10 @@ LIGHTNING_LNBITS_API_KEY=
 LIGHTNING_LNBITS_LNURLP_URL=
 LIGHTNING_LND_API_URL=
 LIGHTNING_LND_ADMIN_MACAROON=
-# Path to the live LND TLS cert file on disk (mounted into the container)
+# Path to the live LND TLS cert file on disk (mounted into the container).
+# If unset, LIGHTNING_API_CERTIFICATE is used instead (hosts without the LND volume).
 LIGHTNING_API_CERTIFICATE_PATH=
+LIGHTNING_API_CERTIFICATE=
 
 MONERO_WALLET_ADDRESS=
 MONERO_NODE_URL=
diff --git a/src/config/config.ts b/src/config/config.ts
index b97bfd2d2b..abf63927ad 100644
--- a/src/config/config.ts
+++ b/src/config/config.ts
@@ -1287,7 +1287,9 @@ export class Configuration {
 
 function readCert(): string | undefined {
   const path = process.env.LIGHTNING_API_CERTIFICATE_PATH;
-  if (!path) return undefined;
+
+  // No path (e.g. prod hosted without the LND volume): use the certificate env var.
+  if (!path) return process.env.LIGHTNING_API_CERTIFICATE?.split('<br>').join('\n');
 
   // Path is set: read the live LND cert from disk and let a missing/unreadable file throw,
   // so a broken mount surfaces immediately instead of being masked by a stale fallback.