diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7a5150ecb..0976e614a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,6 +18,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 - Fixed IPcheck policy issues with invalid IP [PR #1273](https://github.com/3scale/APIcast/pull/1273) [THREESCALE-7075](https://issues.redhat.com/browse/THREESCALE-7075)
 - Disabled content-caching globally if no policy at all [PR #1278](https://github.com/3scale/APIcast/pull/1278) [THREESCALE-7016](https://issues.redhat.com/browse/THREESCALE-7016)
 - Fixed warning messages [PR #1282](https://github.com/3scale/APIcast/pull/1282) [THREESCALE-5816](https://issues.redhat.com/browse/THREESCALE-5816)
+- Fixed lua socket error on ssl_certificate [PR #1283](https://github.com/3scale/APIcast/pull/1283) [THREESCALE-7230](https://issues.redhat.com/browse/THREESCALE-7230)
 
 ### Added
 
diff --git a/gateway/src/resty/resolver.lua b/gateway/src/resty/resolver.lua
index 7d56b085b..1b204b077 100644
--- a/gateway/src/resty/resolver.lua
+++ b/gateway/src/resty/resolver.lua
@@ -210,6 +210,13 @@ function _M:instance()
   if not resolver then
     local dns = dns_client:instance(self.nameservers())
     resolver = self.new(dns)
+  end
+
+  -- This condition is a bit hacky, but when using UDP cosockets on ssl_cert
+  -- phase, it'll be closed for other phases, so skip to share on the ssl_cert
+  -- case.
+  -- Check THREESCALE-7230 for more info.
+  if ngx.get_phase() ~= "ssl_cert" then
     ctx.resolver = resolver
   end
 
diff --git a/gateway/src/resty/resolver/dns_client.lua b/gateway/src/resty/resolver/dns_client.lua
index b982bfb83..e20e10854 100644
--- a/gateway/src/resty/resolver/dns_client.lua
+++ b/gateway/src/resty/resolver/dns_client.lua
@@ -26,6 +26,13 @@ function _M:instance(nameservers)
 
   if not resolver then
     resolver = self:new({ nameservers = nameservers })
+  end
+
+  -- This condition is a bit hacky, but when using UDP cosockets on ssl_cert
+  -- phase, it'll be closed for other phases, so skip to share on the ssl_cert
+  -- case.
+  -- Check THREESCALE-7230 for more info.
+  if ngx.get_phase() ~= "ssl_cert" then
     ctx.dns = resolver
   end