diff --git a/include/haproxy/ssl_sock-t.h b/include/haproxy/ssl_sock-t.h
index d54469c9e..cc7a7aad6 100644
--- a/include/haproxy/ssl_sock-t.h
+++ b/include/haproxy/ssl_sock-t.h
@@ -134,7 +134,7 @@ struct sni_ctx {
 	unsigned int neg:1;       /* reject if match */
 	unsigned int wild:1;      /* wildcard sni */
 	struct pkey_info kinfo;   /* pkey info */
-	struct ssl_bind_conf *conf; /* ssl "bind" conf for the certificate */
+	struct ssl_bind_conf *conf; /* ptr to a crtlist's ssl_conf, must not be free from here */
 	struct list by_ckch_inst; /* chained in ckch_inst's list of sni_ctx */
 	struct ckch_inst *ckch_inst; /* instance used to create this sni_ctx */
 	struct ebmb_node name;    /* node holding the servername value */
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 322613c37..715ae9d67 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4763,11 +4763,6 @@ void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
 		back = ebmb_next(node);
 		ebmb_delete(node);
 		SSL_CTX_free(sni->ctx);
-		if (!sni->order) { /* only free the CTX conf on its first occurrence */
-			ssl_sock_free_ssl_conf(sni->conf);
-			free(sni->conf);
-			sni->conf = NULL;
-		}
 		free(sni);
 		node = back;
 	}