diff --git a/ansible/inventory/group_vars/all.yaml b/ansible/inventory/group_vars/all.yaml
index 54dccf9..f344319 100644
--- a/ansible/inventory/group_vars/all.yaml
+++ b/ansible/inventory/group_vars/all.yaml
@@ -192,7 +192,7 @@ version:
 # infra
 step: "0.30.2"
 ldap: "v0.6.3"
- x509-exporter: "3.21.0"
+ x509-exporter: "4.1.0"
 prometheus: "v3.9.1"
 loki: "3.7.1"
 grafana: "12.3.3"
diff --git a/ansible/roles/infra/tasks/services/set_x509-exporter.yaml b/ansible/roles/infra/tasks/services/set_x509-exporter.yaml
index c4db32b..1e25294 100644
--- a/ansible/roles/infra/tasks/services/set_x509-exporter.yaml
+++ b/ansible/roles/infra/tasks/services/set_x509-exporter.yaml
@@ -8,9 +8,20 @@
 mode: "0770"
 loop:
 - "x509-exporter"
+ - "x509-exporter/config"
 - "x509-exporter/certs"
 become: true
+- name: Deploy config.yaml
+ ansible.builtin.copy:
+ src: "{{ hostvars['console']['node']['config_path'] }}/services/containers/infra/x509-exporter/config/config.yaml"
+ dest: "{{ node['home_path'] }}/containers/x509-exporter/config/config.yaml"
+ owner: "{{ services['x509-exporter']['subuid'] }}"
+ group: "svadmins"
+ mode: "0440"
+ become: true
+ no_log: true
+
 - name: Deploy certificates
 ansible.builtin.copy:
 content: |
diff --git a/config/services/containers/infra/x509-exporter/config/config.yaml b/config/services/containers/infra/x509-exporter/config/config.yaml
new file mode 100644
index 0000000..cb4e318
--- /dev/null
+++ b/config/services/containers/infra/x509-exporter/config/config.yaml
@@ -0,0 +1,11 @@
+server:
+ listen: :9793
+
+sources:
+ - kind: file
+ name: homelab-certs
+ paths:
+ - /certs/*.crt
+ - /certs/*.pem
+ - /certs/*.cer
+ refreshInterval: 1m
\ No newline at end of file
diff --git a/config/services/containers/infra/x509-exporter/x509-exporter.container.j2 b/config/services/containers/infra/x509-exporter/x509-exporter.container.j2
index 7b19a12..76b840e 100644
--- a/config/services/containers/infra/x509-exporter/x509-exporter.container.j2
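Review bot: `no_log: true` on the new `Deploy config.yaml` task in set_x509-exporter.yaml hides the result of copying a file that, as added in this commit, holds only a listen address and certificate path globs. Suppressing it removes the `--diff` output and the error detail when the copy fails, and protects no secret. Drop the line, or if the role sets it on every copy by convention, say so in a comment such as `# no_log kept for consistency with the certificate tasks; this file holds no secrets`.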
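Review bot: In the new config/config.yaml, `listen: :9793` is a plain scalar made of a colon and digits; quote it as `listen: ":9793"` so that no loader has to guess its type. The file also ends without a final newline (`\ No newline at end of file`), which the next edit to it will show as an unrelated change. An address with no host part presumably binds every interface inside the container, so host exposure of the metrics endpoint is decided only by the `PublishPort=` line in the unit file. A comment above `server:` would record that, e.g. `# all interfaces in the container; host exposure is set by PublishPort in the quadlet`.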
+++ b/config/services/containers/infra/x509-exporter/x509-exporter.container.j2
@@ -11,11 +11,12 @@ Image=docker.io/enix/x509-certificate-exporter:{{ version['containers']['x509-ex
 ContainerName=x509-exporter
 HostName=X509-exporter
+Volume=%h/containers/x509-exporter/config/config.yaml:/etc/config.yaml:ro
 Volume=%h/containers/x509-exporter/certs:/certs:ro
 PublishPort={{ services['x509-exporter']['ports']['http'] }}:9793
-Exec=--listen-address :9793 --watch-dir=/certs
+Exec=--config /etc/config.yaml
 [Service]
 Restart=always
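Review bot: The new `Volume=` line bind-mounts the single file config.yaml, and ansible.builtin.copy normally replaces its destination by renaming a temporary file over it. A running container therefore keeps the old inode and would go on monitoring with the previous source list until it is recreated. Mounting the directory avoids this: `Volume=%h/containers/x509-exporter/config:/etc/x509-exporter:ro` with `Exec=--config /etc/x509-exporter/config.yaml`, provided the container user can traverse that directory. Otherwise make sure the role restarts the unit whenever the copy task reports a change; no handler is visible in this commit. The `[Container]` section begins above the hunk.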