diff --git a/bin/named/server.c b/bin/named/server.c
index 37cc1dea6a..ef0a7451f5 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -3795,7 +3795,8 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
 	       cfg_obj_t *vconfig, named_cachelist_t *cachelist,
 	       named_cachelist_t *oldcachelist, dns_kasplist_t *kasplist,
 	       const cfg_obj_t *bindkeys, isc_mem_t *mctx,
-	       cfg_aclconfctx_t *actx, bool need_hints, bool first_time) {
+	       cfg_aclconfctx_t *actx, isc_tlsctx_cache_t *tlsctx_client_cache,
+	       bool need_hints, bool first_time) {
 	const cfg_obj_t *maps[4];
 	const cfg_obj_t *cfgmaps[3];
 	const cfg_obj_t *optionmaps[3];
@@ -4506,8 +4507,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
 		goto cleanup;
 	}
 
-	CHECK(dns_view_createresolver(view, resopts,
-				      named_g_server->tlsctx_client_cache,
+	CHECK(dns_view_createresolver(view, resopts, tlsctx_client_cache,
 				      dispatch4, dispatch6));
 
 	if (resstats == NULL) {
@@ -7896,9 +7896,11 @@ create_views(cfg_obj_t *config, cfg_parser_t *parser,
 
 static isc_result_t
 configure_views(cfg_obj_t *config, const cfg_obj_t *bindkeys,
-		cfg_aclconfctx_t *aclconfctx, dns_viewlist_t *viewlist,
-		named_cachelist_t *cachelist, dns_kasplist_t *kasplist,
-		named_server_t *server, bool first_time) {
+		cfg_aclconfctx_t *aclconfctx,
+		isc_tlsctx_cache_t *tlsctx_client_cache,
+		dns_viewlist_t *viewlist, named_cachelist_t *cachelist,
+		dns_kasplist_t *kasplist, named_server_t *server,
+		bool first_time) {
 	isc_result_t result = ISC_R_SUCCESS;
 	const cfg_obj_t *views = NULL;
 	dns_viewlist_t tmpviewlist;
@@ -7920,8 +7922,8 @@ configure_views(cfg_obj_t *config, const cfg_obj_t *bindkeys,
 
 		result = configure_view(view, viewlist, config, vconfig,
 					cachelist, &server->cachelist, kasplist,
-					bindkeys, isc_g_mctx, aclconfctx, true,
-					first_time);
+					bindkeys, isc_g_mctx, aclconfctx,
+					tlsctx_client_cache, true, first_time);
 		if (result != ISC_R_SUCCESS) {
 			dns_view_detach(&view);
 			return result;
@@ -7942,8 +7944,8 @@ configure_views(cfg_obj_t *config, const cfg_obj_t *bindkeys,
 		}
 		result = configure_view(view, viewlist, config, NULL, cachelist,
 					&server->cachelist, kasplist, bindkeys,
-					isc_g_mctx, aclconfctx, true,
-					first_time);
+					isc_g_mctx, aclconfctx,
+					tlsctx_client_cache, true, first_time);
 		if (result != ISC_R_SUCCESS) {
 			dns_view_detach(&view);
 			return result;
@@ -7969,8 +7971,8 @@ configure_views(cfg_obj_t *config, const cfg_obj_t *bindkeys,
 
 		result = configure_view(view, viewlist, config, vconfig,
 					cachelist, &server->cachelist, kasplist,
-					bindkeys, isc_g_mctx, aclconfctx, false,
-					first_time);
+					bindkeys, isc_g_mctx, aclconfctx,
+					tlsctx_client_cache, false, first_time);
 		if (result != ISC_R_SUCCESS) {
 			dns_view_detach(&view);
 			return result;
@@ -8128,6 +8130,7 @@ apply_configuration(cfg_parser_t *configparser, cfg_obj_t *config,
 	dns_aclenv_t *env =
 		ns_interfacemgr_getaclenv(named_g_server->interfacemgr);
 	cfg_aclconfctx_t *tmpaclconfctx, *aclconfctx = NULL;
+	isc_tlsctx_cache_t *tlsctx_client_cache = NULL;
 
 	isc_log_write(NAMED_LOGCATEGORY_GENERAL, NAMED_LOGMODULE_SERVER,
 		      ISC_LOG_DEBUG(1), "apply_configuration");
@@ -8176,6 +8179,9 @@ apply_configuration(cfg_parser_t *configparser, cfg_obj_t *config,
 		goto cleanup_viewlist;
 	}
 
+	/* Create a new client TLS context cache */
+	isc_tlsctx_cache_create(isc_g_mctx, &tlsctx_client_cache);
+
 	/* Ensure exclusive access to configuration data. */
 	isc_loopmgr_pause();
 
@@ -8197,22 +8203,13 @@ apply_configuration(cfg_parser_t *configparser, cfg_obj_t *config,
 		}
 	}
 
-	/* Let's recreate the TLS context cache */
+	/* Let's recreate the server TLS context cache */
 	if (server->tlsctx_server_cache != NULL) {
 		isc_tlsctx_cache_detach(&server->tlsctx_server_cache);
 	}
 
 	isc_tlsctx_cache_create(isc_g_mctx, &server->tlsctx_server_cache);
 
-	if (server->tlsctx_client_cache != NULL) {
-		isc_tlsctx_cache_detach(&server->tlsctx_client_cache);
-	}
-
-	isc_tlsctx_cache_create(isc_g_mctx, &server->tlsctx_client_cache);
-
-	dns_zonemgr_set_tlsctx_cache(server->zonemgr,
-				     server->tlsctx_client_cache);
-
 #if HAVE_LIBNGHTTP2
 	obj = NULL;
 	result = named_config_get(maps, "http-port", &obj);
@@ -8786,8 +8783,9 @@ apply_configuration(cfg_parser_t *configparser, cfg_obj_t *config,
 	 */
 	(void)configure_session_key(maps, server, isc_g_mctx, first_time);
 
-	result = configure_views(config, bindkeys, aclconfctx, &viewlist,
-				 &cachelist, &kasplist, server, first_time);
+	result = configure_views(config, bindkeys, aclconfctx,
+				 tlsctx_client_cache, &viewlist, &cachelist,
+				 &kasplist, server, first_time);
 	if (result != ISC_R_SUCCESS) {
 		goto cleanup_cachelist;
 	}
@@ -9187,6 +9185,17 @@ apply_configuration(cfg_parser_t *configparser, cfg_obj_t *config,
 	server->aclconfctx = aclconfctx;
 	aclconfctx = tmpaclconfctx;
 
+	/*
+	 * Swap client TLS context
+	 */
+	if (server->tlsctx_client_cache != NULL) {
+		isc_tlsctx_cache_detach(&server->tlsctx_client_cache);
+	}
+
+	isc_tlsctx_cache_attach(tlsctx_client_cache,
+				&server->tlsctx_client_cache);
+	dns_zonemgr_set_tlsctx_cache(server->zonemgr, tlsctx_client_cache);
+
 	(void)named_server_loadnta(server);
 
 	/*
@@ -9225,7 +9234,6 @@ apply_configuration(cfg_parser_t *configparser, cfg_obj_t *config,
 		goto cleanup_altsecrets;
 	}
 
-
 	(void)ns_interfacemgr_scan(server->interfacemgr, true, true);
 
 	/*
@@ -9274,6 +9282,12 @@ cleanup_bindkeys_parser:
 		isc_loopmgr_resume();
 	}
 
+	/*
+	 * Detach the TLS client context (whether the one created at the
+	 * begining of this function, or the previous running one)
+	 */
+	isc_tlsctx_cache_detach(&tlsctx_client_cache);
+
 cleanup_viewlist:
 	ISC_LIST_FOREACH(viewlist, view, link) {
 		ISC_LIST_UNLINK(viewlist, view, link);