diff --git a/app/controllers/epp/sessions_controller.rb b/app/controllers/epp/sessions_controller.rb
index cf24feb33..b1c7fbbfb 100644
--- a/app/controllers/epp/sessions_controller.rb
+++ b/app/controllers/epp/sessions_controller.rb
@@ -14,6 +14,10 @@ module Epp
       webclient_request = ENV['webclient_ips'].split(',').map(&:strip).include?(request.ip)
       if webclient_request && !Rails.env.test? && !Rails.env.development?
         client_md5 = Certificate.parse_md_from_string(request.env['HTTP_SSL_CLIENT_CERT'])
+        if ENV['cert_path'].blank?
+          raise 'webclient cert (cert_path) missing, registrar (r)epp disabled'
+        end
+
         server_md5 = Certificate.parse_md_from_string(File.read(ENV['cert_path']))
         if client_md5 != server_md5
           epp_errors << {