diff --git a/plugins/builder-dockerfile/internal-functions b/plugins/builder-dockerfile/internal-functions
index 21e36208bb6..28438710fbb 100755
--- a/plugins/builder-dockerfile/internal-functions
+++ b/plugins/builder-dockerfile/internal-functions
@@ -124,8 +124,12 @@ fn-builder-dockerfile-get-detect-port-map() {
         p=${p//\/udp/}
         port_map+="udp:$p:$p "
       else
+        scheme="http"
         p=${p//\/tcp/}
-        port_map+="http:$p:$p "
+        if [[ "$p" == "443" ]]; then
+          scheme="https"
+        fi
+        port_map+="$scheme:$p:$p "
       fi
     done
     echo "$port_map" | xargs
diff --git a/plugins/domains/domains-urls b/plugins/domains/domains-urls
index 3e45c80d5e8..6765d4d17ab 100755
--- a/plugins/domains/domains-urls
+++ b/plugins/domains/domains-urls
@@ -9,25 +9,25 @@ trigger-domains-domains-urls() {
   declare APP="$1" URL_TYPE="$2"
   local urls
 
-  local SCHEME="http"
+  local DEFAULT_SCHEME="http"
   local DEFAULT_LISTEN_PORT="80"
   if [[ "$(plugn trigger certs-exists "$APP")" == "true" ]]; then
-    SCHEME="https"
+    DEFAULT_SCHEME="https"
     DEFAULT_LISTEN_PORT="443"
   fi
 
   urls=$(plugn trigger app-urls "$APP" "$URL_TYPE")
   if [[ -n "$urls" ]]; then
     if [[ "$URL_TYPE" == "url" ]]; then
-      echo "$urls" | tr ' ' '\n' | grep "$SCHEME://" | head -n1
+      echo "$urls" | tr ' ' '\n' | grep "$DEFAULT_SCHEME://" | head -n1
     else
       echo "$urls" | tr ' ' '\n' | sort
     fi
   else
     if [[ "$URL_TYPE" == "url" ]]; then
-      fn-domains-generate-urls "$APP" "$SCHEME" "$DEFAULT_LISTEN_PORT" | tr ' ' '\n' | grep "$SCHEME://" | head -n1
+      fn-domains-generate-urls "$APP" "$DEFAULT_SCHEME" "$DEFAULT_LISTEN_PORT" | tr ' ' '\n' | grep "$DEFAULT_SCHEME://" | head -n1
     else
-      fn-domains-generate-urls "$APP" "$SCHEME" "$DEFAULT_LISTEN_PORT" | tr ' ' '\n' | sort
+      fn-domains-generate-urls "$APP" "$DEFAULT_SCHEME" "$DEFAULT_LISTEN_PORT" | tr ' ' '\n' | sort -u
     fi
   fi
 }
diff --git a/plugins/domains/internal-functions b/plugins/domains/internal-functions
index c4a870c40cc..efc644d104a 100755
--- a/plugins/domains/internal-functions
+++ b/plugins/domains/internal-functions
@@ -116,26 +116,26 @@ fn-domains-global-vhosts() {
 }
 
 fn-domains-generate-urls() {
-  declare APP="$1" SCHEME="$2" DEFAULT_LISTEN_PORT="$3"
+  declare APP="$1" DEFAULT_SCHEME="$2" DEFAULT_LISTEN_PORT="$3"
 
   local app_vhosts="$(plugn trigger domains-list "$APP")"
   if [[ -n "$app_vhosts" ]]; then
     for app_vhost in $app_vhosts; do
-      fn-domains-generate-urls-from-config "$APP" "$SCHEME" "$app_vhost" "$DEFAULT_LISTEN_PORT"
+      fn-domains-generate-urls-from-config "$APP" "$DEFAULT_SCHEME" "$app_vhost" "$DEFAULT_LISTEN_PORT"
     done
   else
     if [[ -s "$DOKKU_ROOT/VHOST" ]]; then
       while read -r VHOST || [[ -n "$VHOST" ]]; do
-        fn-domains-generate-urls-from-config "$APP" "$SCHEME" "$VHOST" "$DEFAULT_LISTEN_PORT"
+        fn-domains-generate-urls-from-config "$APP" "$DEFAULT_SCHEME" "$VHOST" "$DEFAULT_LISTEN_PORT"
       done <"$DOKKU_ROOT/VHOST"
     else
-      fn-domains-generate-urls-from-config "$APP" "$SCHEME" "$(hostname -f)" "$DEFAULT_LISTEN_PORT"
+      fn-domains-generate-urls-from-config "$APP" "$DEFAULT_SCHEME" "$(hostname -f)" "$DEFAULT_LISTEN_PORT"
     fi
   fi
 }
 
 fn-domains-generate-urls-from-config() {
-  declare APP="$1" SCHEME="$2" VHOST="$3" DEFAULT_LISTEN_PORT="$4"
+  declare APP="$1" DEFAULT_SCHEME="$2" VHOST="$3" DEFAULT_LISTEN_PORT="$4"
   local APP_PORT_MAP="$(plugn trigger ports-get "$APP")"
 
   if [[ "$(plugn trigger proxy-is-enabled "$APP")" == "false" ]]; then
@@ -143,18 +143,22 @@ fn-domains-generate-urls-from-config() {
     DOKKU_APP_WEB_LISTENERS="$(plugn trigger network-get-listeners "$APP" "web" | xargs)"
     for DOKKU_APP_WEB_LISTENER in $DOKKU_APP_WEB_LISTENERS; do
       listen_port="$(echo "$DOKKU_APP_WEB_LISTENER" | cut -d ':' -f2)"
-      fn-domains-generate-url "$SCHEME" "$VHOST" "$listen_port"
+      fn-domains-generate-url "$DEFAULT_SCHEME" "$VHOST" "$listen_port"
     done
     shopt -u nullglob
   elif [[ -n "$APP_PORT_MAP" ]]; then
+    CERTS_EXIST="$(plugn trigger certs-exists "$APP")"
     local port_map
     while IFS= read -r port_map; do
       local scheme="$(awk -F ':' '{ print $1 }' <<<"$port_map")"
       local listen_port="$(awk -F ':' '{ print $2 }' <<<"$port_map")"
-      fn-domains-generate-url "$SCHEME" "$VHOST" "$listen_port"
+      if [[ "$CERTS_EXIST" != "true" ]] && [[ "$scheme" == "https" ]]; then
+        continue
+      fi
+      fn-domains-generate-url "$scheme" "$VHOST" "$listen_port"
     done <<<"$APP_PORT_MAP"
   else
-    fn-domains-generate-url "$SCHEME" "$VHOST" "$DEFAULT_LISTEN_PORT"
+    fn-domains-generate-url "$DEFAULT_SCHEME" "$VHOST" "$DEFAULT_LISTEN_PORT"
   fi
 }
 
@@ -163,7 +167,11 @@ fn-domains-generate-url() {
   if [[ "$PORT" == "80" ]]; then
     echo "http://$VHOST"
   elif [[ "$PORT" == "443" ]]; then
-    echo "https://$VHOST"
+    if [[ "$SCHEME" == "https" ]]; then
+      echo "https://$VHOST"
+    else
+      echo "$SCHEME://$VHOST:$PORT"
+    fi
   else
     echo "$SCHEME://$VHOST:$PORT"
   fi
diff --git a/plugins/openresty-vhosts/core-post-extract b/plugins/openresty-vhosts/core-post-extract
index ed379a8cb97..f2c1d7301ac 100755
--- a/plugins/openresty-vhosts/core-post-extract
+++ b/plugins/openresty-vhosts/core-post-extract
@@ -17,7 +17,7 @@ fn-openresty-vhosts-copy-from-image() {
   fi
 
   find "${DOKKU_LIB_ROOT}/data/openresty-vhosts/app-$APP/" -maxdepth 1 -name 'openresty-location-includes.*' -type d -exec rm -r {} +
-  copy_dir_from_image "$IMAGE_NAME" "$LOCATION_CONF_PATH" "${DOKKU_LIB_ROOT}/data/openresty-vhosts/app-$APP/openresty-location-includes.$DOKKU_PID" 2>/dev/null|| true
+  copy_dir_from_image "$IMAGE_NAME" "$LOCATION_CONF_PATH" "${DOKKU_LIB_ROOT}/data/openresty-vhosts/app-$APP/openresty-location-includes.$DOKKU_PID" 2>/dev/null || true
   if [[ ! -f "${DOKKU_LIB_ROOT}/data/openresty-vhosts/app-$APP/openresty-location-includes.$DOKKU_PID" ]]; then
     touch "${DOKKU_LIB_ROOT}/data/openresty-vhosts/app-$APP/openresty-location-includes.$DOKKU_PID.missing"
   fi
diff --git a/tests/unit/domains.bats b/tests/unit/domains.bats
index 362131020c3..33a88fa0833 100644
--- a/tests/unit/domains.bats
+++ b/tests/unit/domains.bats
@@ -410,3 +410,25 @@ teardown() {
   assert_success
   assert_output_contains "Detected IPv4 domain name with nginx proxy enabled." 0
 }
+
+@test "(domains) https:443" {
+  run /bin/bash -c "dokku domains:set $TEST_APP $TEST_APP.${DOKKU_DOMAIN}"
+  echo "output: $output"
+  echo "status: $status"
+  assert_success
+
+  run /bin/bash -c "dokku git:from-image $TEST_APP cockpithq/cockpit:core-latest"
+  echo "output: $output"
+  echo "status: $status"
+  assert_success
+  assert_output_contains "http://$TEST_APP.${DOKKU_DOMAIN}" 2
+  assert_output_contains "http://$TEST_APP.${DOKKU_DOMAIN}:2019"
+  assert_output_contains "udp://$TEST_APP.${DOKKU_DOMAIN}:443"
+  assert_output_contains "http://$TEST_APP.${DOKKU_DOMAIN}:443" 0
+
+  run /bin/bash -c "dokku ports:report $TEST_APP --ports-map-detected"
+  echo "output: $output"
+  echo "status: $status"
+  assert_success
+  assert_output "http:2019:2019 http:80:80 https:443:443 udp:443:443"
+}