diff --git a/src/config/config.ts b/src/config/config.ts
index f8626ed30..dac6f892d 100644
--- a/src/config/config.ts
+++ b/src/config/config.ts
@@ -1,5 +1,6 @@
 import { Injectable, Optional } from '@nestjs/common';
 import { TypeOrmModuleOptions } from '@nestjs/typeorm';
+import { readFileSync } from 'fs';
 
 export enum Process {
   SYNC_ONCHAIN_TRANSACTIONS = 'SyncOnchainTransactions',
@@ -22,6 +23,17 @@ export function GetConfig(): Configuration {
   return new Configuration();
 }
 
+// Reads the live LND TLS certificate from the file pointed to by LIGHTNING_API_CERTIFICATE_PATH.
+// If the path is unset, returns undefined (environments without Lightning, e.g. tests, still boot).
+// If the path is set but the file is missing/unreadable, readFileSync throws so a broken mount
+// surfaces immediately instead of being masked by a stale fallback.
+function readCert(): string | undefined {
+  const path = process.env.LIGHTNING_API_CERTIFICATE_PATH;
+  if (!path) return undefined;
+
+  return readFileSync(path, 'utf8');
+}
+
 export class Configuration {
   port = process.env.PORT ?? 3000;
   environment: Environment = process.env.ENVIRONMENT as Environment;
@@ -117,7 +129,7 @@ export class Configuration {
         wsInvoicesUrl: process.env.LIGHTNING_LND_WS_INVOICES_URL ?? '',
         wsPaymentsUrl: process.env.LIGHTNING_LND_WS_PAYMENTS_URL ?? '',
       },
-      certificate: process.env.LIGHTNING_API_CERTIFICATE?.split('<br>').join('\n'),
+      certificate: readCert(),
       lnbitsapi: {
         apiUrl: process.env.LIGHTNING_LNBITSAPI_API_URL ?? '',
         certificate: process.env.LIGHTNING_LNBITSAPI_CERTIFICATE?.split('<br>').join('\n') ?? '',