diff --git a/pkg/tls/tlsmanager.go b/pkg/tls/tlsmanager.go
index 98dfbfc03..9bb0f12de 100644
--- a/pkg/tls/tlsmanager.go
+++ b/pkg/tls/tlsmanager.go
@@ -39,11 +39,12 @@ func (m *Manager) UpdateConfigs(stores map[string]Store, configs map[string]TLS,
 m.stores = make(map[string]*CertificateStore)
 for storeName, storeConfig := range m.storesConfig {
- var err error
- m.stores[storeName], err = buildCertificateStore(storeConfig)
+ store, err := buildCertificateStore(storeConfig)
 if err != nil {
- log.Errorf("Error while creating certificate store %s", storeName)
+ log.Errorf("Error while creating certificate store %s: %v", storeName, err)
+ continue
 }
+ m.stores[storeName] = store
 }
 storesCertificates := make(map[string]map[string]*tls.Certificate)
@@ -137,14 +138,14 @@ func buildCertificateStore(tlsStore Store) (*CertificateStore, error) {
 if tlsStore.DefaultCertificate != nil {
 cert, err := buildDefaultCertificate(tlsStore.DefaultCertificate)
 if err != nil {
- return nil, err
+ return certificateStore, err
 }
 certificateStore.DefaultCertificate = cert
 } else {
 log.Debug("No default certificate, generate one")
 cert, err := generate.DefaultCertificate()
 if err != nil {
- return nil, err
+ return certificateStore, err
 }
 certificateStore.DefaultCertificate = cert
 }
diff --git a/pkg/tls/tlsmanager_test.go b/pkg/tls/tlsmanager_test.go
index 253a0a1b0..f73cfe051 100644
--- a/pkg/tls/tlsmanager_test.go
+++ b/pkg/tls/tlsmanager_test.go
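Review bot: After the added `continue`, a store whose configuration fails to build is simply absent from `m.stores`, and nothing in this hunk shows what a later lookup of that name returns. The test added in this commit expects `GetStore("default")` to still return a usable store, so presumably one is created elsewhere without the configured default certificate; if so, a mistyped certificate path silently changes which certificate is served, with a single error log line as the only signal. I would say so above the `continue`, e.g. `// Skip the broken store; a later lookup may rebuild it without its configured default certificate (confirm in the lookup path).`, and log the name with `%q` since it comes from configuration. UpdateConfigs starts and ends outside the hunk.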
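Review bot: Both error returns now hand back `certificateStore` with `DefaultCertificate` still unset alongside a non-nil error, which departs from the usual Go contract that the value is meaningless when the error is non-nil. The updated loop in `UpdateConfigs` discards the value on error, so this only matters for a caller that ignores the error (none is visible in this diff); such a caller would get a store with no default certificate to present. If that is intended, the function's doc comment should state it, for example `// On error the returned store is non-nil but has no DefaultCertificate; callers must check before serving from it.`; otherwise keep `return nil, err`. The body of buildCertificateStore starts and ends outside the hunk.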
@@ -62,3 +62,30 @@ func TestTLSInStore(t *testing.T) {
 t.Fatal("got error: default store must have TLS certificates.")
 }
 }
+
+func TestTLSInvalidStore(t *testing.T) {
+ dynamicConfigs :=
+ []*Configuration{
+ {
+ Certificate: &Certificate{
+ CertFile: localhostCert,
+ KeyFile: localhostKey,
+ },
+ },
+ }
+
+ tlsManager := NewManager()
+ tlsManager.UpdateConfigs(map[string]Store{
+ "default": {
+ DefaultCertificate: &Certificate{
+ CertFile: "/wrong",
+ KeyFile: "/wrong",
+ },
+ },
+ }, nil, dynamicConfigs)
+
+ certs := tlsManager.GetStore("default").DynamicCerts.Get().(map[string]*tls.Certificate)
+ if len(certs) == 0 {
+ t.Fatal("got error: default store must have TLS certificates.")
+ }
+}
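Review bot: TestTLSInvalidStore asserts only that dynamic certificates were loaded; it never checks what the store presents as its default certificate after the configured `/wrong` paths failed, which is the outcome an operator depends on. Taking `store := tlsManager.GetStore("default")` and adding `if store.DefaultCertificate == nil { t.Fatal("invalid store config must still yield a default certificate") }` would pin that, assuming a fallback certificate is the intended behaviour. The unchecked `.(map[string]*tls.Certificate)` assertion and the dereference of `GetStore`'s result will panic rather than fail cleanly, and the failure message is copied verbatim from `TestTLSInStore`, so a failure here would be hard to tell apart.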