diff --git a/util/Setup/NginxConfigBuilder.cs b/util/Setup/NginxConfigBuilder.cs
index b1042c3b7b..c2395b3148 100644
--- a/util/Setup/NginxConfigBuilder.cs
+++ b/util/Setup/NginxConfigBuilder.cs
@@ -5,6 +5,7 @@ namespace Bit.Setup
 {
 public class NginxConfigBuilder
 {
+ private const string ConfFile = "/bitwarden/nginx/default.conf";
 private const string SslCiphers = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:" +
 "DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:" +
@@ -12,13 +13,16 @@ namespace Bit.Setup
 "ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:" +
 "AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:@STRENGTH";
- public NginxConfigBuilder(string domain, string url, bool ssl, bool selfSignedSsl, bool letsEncrypt)
+ public NginxConfigBuilder(string domain, string url, bool ssl, bool selfSignedSsl, bool letsEncrypt,
+ bool trusted, bool diffieHellman)
 {
 Domain = domain;
 Url = url;
 Ssl = ssl;
 SelfSignedSsl = selfSignedSsl;
 LetsEncrypt = letsEncrypt;
+ Trusted = trusted;
+ DiffieHellman = diffieHellman;
 }
 public NginxConfigBuilder(string domain, string url)
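Review bot: The two new constructor parameters `trusted` and `diffieHellman` in the -12,13 hunk carry no documentation, and what they mean is only discoverable from the prompts in Program.cs; an XML comment on the constructor would pin it, e.g. `/// <param name="trusted">True when the certificate is from a trusted CA and a ca.crt chain file is provided; the installer sets this from its prompt, or to true for Let's Encrypt.</param>` and `/// <param name="diffieHellman">True to reference dhparam.pem for ephemeral Diffie-Hellman parameters in the generated config.</param>`. Five adjacent bool parameters also make call sites easy to get wrong, so documenting the order matters here. The two-argument constructor below is shown only by its signature, so whether it leaves Trusted and DiffieHellman at their default of false is not visible in this hunk.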
@@ -37,35 +41,15 @@ namespace Bit.Setup
 public void BuildForInstaller()
 {
- if(Ssl && !SelfSignedSsl && !LetsEncrypt)
- {
- Console.Write("(!) Use Diffie Hellman ephemeral parameters for SSL (requires dhparam.pem)? (y/n): ");
- DiffieHellman = Console.ReadLine().ToLowerInvariant() == "y";
- }
- else
- {
- DiffieHellman = LetsEncrypt;
- }
-
- if(Ssl && !SelfSignedSsl && !LetsEncrypt)
- {
- Console.Write("(!) Is this a trusted SSL certificate (requires ca.crt)? (y/n): ");
- Trusted = Console.ReadLine().ToLowerInvariant() == "y";
- }
- else
- {
- Trusted = LetsEncrypt;
- }
-
 Build();
 }
 public void BuildForUpdater()
 {
- if(File.Exists("/bitwarden/nginx/default.conf"))
+ if(File.Exists(ConfFile))
 {
- var confContent = File.ReadAllText("/bitwarden/nginx/default.conf");
- Ssl = confContent.Contains("listen 8081 ssl http2;") || confContent.Contains("listen 443 ssl http2;");
+ var confContent = File.ReadAllText(ConfFile);
+ Ssl = confContent.Contains("ssl http2;");
 SelfSignedSsl = confContent.Contains("/etc/ssl/self/");
 LetsEncrypt = !SelfSignedSsl && confContent.Contains("/etc/letsencrypt/live/");
 DiffieHellman = confContent.Contains("/dhparam.pem;");
@@ -86,7 +70,7 @@ namespace Bit.Setup
 var caFile = LetsEncrypt ? "fullchain.pem" : "ca.crt";
 Console.WriteLine("Building nginx config.");
- using(var sw = File.CreateText("/bitwarden/nginx/default.conf"))
+ using(var sw = File.CreateText(ConfFile))
 {
 sw.WriteLine($@"# Config Parameters
 # Parameter:Ssl={Ssl}
diff --git a/util/Setup/Program.cs b/util/Setup/Program.cs
index 6c5c4d1d1a..d9a16a4a62 100644
--- a/util/Setup/Program.cs
+++ b/util/Setup/Program.cs
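Review bot: `Ssl = confContent.Contains("ssl http2;")` in BuildForUpdater matches that substring anywhere in the file, including a commented-out or otherwise inactive listen line, whereas the removed check at least anchored on a complete `listen … ssl http2;` directive; the retained SelfSignedSsl, LetsEncrypt and DiffieHellman sniffs have the same weakness, so a stale or hand-edited default.conf can flip the updater into the wrong TLS mode silently. Since the config that Build() writes begins with a `# Parameter:Ssl={Ssl}` header (visible in the -86,7 hunk of this file), the updater could read that record instead, e.g. `Ssl = confContent.Contains("# Parameter:Ssl=True");`, keeping the directive sniff only as a fallback for files that predate the header. Whether every deployed default.conf already carries the header is not shown here, so the fallback would have to stay until that is confirmed. BuildForUpdater continues past the end of the hunk.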
@@ -86,6 +86,16 @@ namespace Bit.Setup
 var selfSignedSsl = certBuilder.BuildForInstall();
 ssl = certBuilder.Ssl; // Ssl prop can get flipped during the build
+ var sslTrusted = letsEncrypt;
+ var sslDiffieHellman = letsEncrypt;
+ if(ssl && !selfSignedSsl && !letsEncrypt)
+ {
+ Console.Write("(!) Use Diffie Hellman ephemeral parameters for SSL (requires dhparam.pem)? (y/n): ");
+ sslDiffieHellman = Console.ReadLine().ToLowerInvariant() == "y";
+ Console.Write("(!) Is this a trusted SSL certificate (requires ca.crt)? (y/n): ");
+ sslTrusted = Console.ReadLine().ToLowerInvariant() == "y";
+ }
+
 var url = $"https://{domain}";
 Console.Write("(!) Do you want to use the default ports for HTTP (80) and HTTPS (443)? (y/n): ");
 var defaultPorts = Console.ReadLine().ToLowerInvariant() == "y";
@@ -155,7 +165,8 @@ namespace Bit.Setup
 Console.Write("(!) Do you want to use push notifications? (y/n): ");
 var push = Console.ReadLine().ToLowerInvariant() == "y";
- var nginxBuilder = new NginxConfigBuilder(domain, url, ssl, selfSignedSsl, letsEncrypt);
+ var nginxBuilder = new NginxConfigBuilder(domain, url, ssl, selfSignedSsl, letsEncrypt,
+ sslTrusted, sslDiffieHellman);
 nginxBuilder.BuildForInstaller();
 var environmentFileBuilder = new EnvironmentFileBuilder
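Review bot: The two added `Console.ReadLine().ToLowerInvariant() == "y"` lines dereference the result of ReadLine, which is null once standard input is exhausted (a non-interactive or piped run), so the installer would stop with a NullReferenceException at the Diffie-Hellman prompt instead of a usable message. The neighbouring prompts in this file use the same idiom, so the consistent fix is a small file-level helper such as `static bool AskYesNo(string prompt)` whose body is `Console.Write(prompt); return (Console.ReadLine() ?? string.Empty).Trim().ToLowerInvariant() == "y";`, with the new prompts calling it rather than adding two more copies of the bare pattern. Note also that a non-"y" answer (including an empty line) leaves `sslTrusted` and `sslDiffieHellman` false, which the prompt text does not tell the operator. The method enclosing this block starts and ends outside the hunk.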
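Review bot: The NginxConfigBuilder call in the -155,7 hunk now passes seven positional arguments, five of them bools, so the trailing `sslTrusted, sslDiffieHellman` pair is only correct as long as the reader remembers the parameter order declared in NginxConfigBuilder.cs; named arguments would make the call self-describing and guard against the two being swapped, e.g. `var nginxBuilder = new NginxConfigBuilder(domain, url, ssl, selfSignedSsl, letsEncrypt, trusted: sslTrusted, diffieHellman: sslDiffieHellman);`. The names `trusted` and `diffieHellman` are the ones declared in the constructor hunk of this diff.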