diff --git a/alternator/server.cc b/alternator/server.cc
index 8a9a7d6884..c1a29cead6 100644
--- a/alternator/server.cc
+++ b/alternator/server.cc
@@ -606,14 +606,24 @@ future<> server::init(net::inet_address addr, std::optional<uint16_t> port, std:
             set_routes(_https_server._routes);
             _https_server.set_content_length_limit(server::content_length_limit);
             _https_server.set_content_streaming(true);
-            auto server_creds = creds->build_reloadable_server_credentials([](const std::unordered_set<sstring>& files, std::exception_ptr ep) {
-                if (ep) {
-                    slogger.warn("Exception loading {}: {}", files, ep);
-                } else {
-                    slogger.info("Reloaded {}", files);
-                }
-            }).get();
-            _https_server.listen(socket_address{addr, *https_port}, std::move(server_creds)).get();
+
+            if (this_shard_id() == 0) {
+                _credentials = creds->build_reloadable_server_credentials([this](const tls::credentials_builder& b, const std::unordered_set<sstring>& files, std::exception_ptr ep) -> future<> {
+                    if (ep) {
+                        slogger.warn("Exception loading {}: {}", files, ep);
+                    } else {
+                        co_await container().invoke_on_others([&b](server& s) {
+                            if (s._credentials) {
+                                b.rebuild(*s._credentials);
+                            }
+                        });
+                        slogger.info("Reloaded {}", files);
+                    }
+                }).get();
+            } else {
+                _credentials = creds->build_server_credentials();
+            }
+            _https_server.listen(socket_address{addr, *https_port}, _credentials).get();
             _enabled_servers.push_back(std::ref(_https_server));
         }
     });
diff --git a/alternator/server.hh b/alternator/server.hh
index 939df847ec..b8e6d95ea3 100644
--- a/alternator/server.hh
+++ b/alternator/server.hh
@@ -24,7 +24,7 @@ namespace alternator {
 
 using chunked_content = rjson::chunked_content;
 
-class server {
+class server : public peering_sharded_service<server> {
     static constexpr size_t content_length_limit = 16*MB;
     using alternator_callback = std::function<future<executor::request_return_type>(executor&, executor::client_state&,
             tracing::trace_state_ptr, service_permit, rjson::value, std::unique_ptr<http::request>)>;
@@ -52,6 +52,8 @@ class server {
     semaphore* _memory_limiter;
     utils::updateable_value<uint32_t> _max_concurrent_requests;
 
+    ::shared_ptr<seastar::tls::server_credentials> _credentials;
+
     class json_parser {
         static constexpr size_t yieldable_parsing_threshold = 16*KB;
         chunked_content _raw_document;