diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8b07e4ed778036f4e21ee5e6888acfc042a2e8db..463315c26492299815895641caf187fe9cf9d856 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@ omnibus-gitlab repository.
 8.10.4
 
 - Revert Host and X-Forwarded-Host headers in NGINX 9ac08
+- Better handle the ssl certs whitelisted files when the directory has been symlinked
 
 8.10.3
 
diff --git a/files/gitlab-cookbooks/gitlab/libraries/helper.rb b/files/gitlab-cookbooks/gitlab/libraries/helper.rb
index 0db1008aae361c9c31814fc25034a949991951db..b5a8cd65c0db5bd556fd4f513f5b1941d8d26ddf 100644
--- a/files/gitlab-cookbooks/gitlab/libraries/helper.rb
+++ b/files/gitlab-cookbooks/gitlab/libraries/helper.rb
@@ -458,7 +458,7 @@ class CertificateHelper
   def move_existing_certificates
     Dir.glob(File.join(@omnibus_certs_dir, "*")) do |file|
       case
-      when !valid?(file),whitelisted_files.include?(File.realpath(file))
+      when !valid?(file),whitelisted?(file)
         next
       when is_x509_certificate?(file)
         move_certificate(file)
@@ -468,6 +468,10 @@ class CertificateHelper
     end
   end
 
+  def whitelisted?(file)
+    whitelisted_files.include?(file) || whitelisted_files.include?(File.realpath(file))
+  end
+
   def valid?(file)
     exists = File.exists?(file)
     FileUtils.rm_f(file) if File.symlink?(file) && !exists