diff --git a/modules/api_rest/api_rest.go b/modules/api_rest/api_rest.go
index b91b8ef2..4fe32bb7 100644
--- a/modules/api_rest/api_rest.go
+++ b/modules/api_rest/api_rest.go
@@ -213,7 +213,7 @@ func (mod *RestAPI) Configure() error {
 
 	if mod.isTLS() {
 		if !fs.Exists(mod.certFile) || !fs.Exists(mod.keyFile) {
-			err, cfg := tls.CertConfigFromModule("api.rest", mod.SessionModule)
+			cfg, err := tls.CertConfigFromModule("api.rest", mod.SessionModule)
 			if err != nil {
 				return err
 			}
diff --git a/modules/https_proxy/https_proxy.go b/modules/https_proxy/https_proxy.go
index b3ceacca..2ad85489 100644
--- a/modules/https_proxy/https_proxy.go
+++ b/modules/https_proxy/https_proxy.go
@@ -137,7 +137,7 @@ func (mod *HttpsProxy) Configure() error {
 	mod.proxy.Whitelist = str.Comma(whitelist)
 
 	if !fs.Exists(certFile) || !fs.Exists(keyFile) {
-		err, cfg := tls.CertConfigFromModule("https.proxy", mod.SessionModule)
+		cfg, err := tls.CertConfigFromModule("https.proxy", mod.SessionModule)
 		if err != nil {
 			return err
 		}
diff --git a/modules/https_server/https_server.go b/modules/https_server/https_server.go
index 1518831a..0d9ff80f 100644
--- a/modules/https_server/https_server.go
+++ b/modules/https_server/https_server.go
@@ -129,7 +129,7 @@ func (mod *HttpsServer) Configure() error {
 	}
 
 	if !fs.Exists(certFile) || !fs.Exists(keyFile) {
-		err, cfg := tls.CertConfigFromModule("https.server", mod.SessionModule)
+		cfg, err := tls.CertConfigFromModule("https.server", mod.SessionModule)
 		if err != nil {
 			return err
 		}
diff --git a/tls/cert.go b/tls/cert.go
index 8bf0aec5..acb585e8 100644
--- a/tls/cert.go
+++ b/tls/cert.go
@@ -57,21 +57,21 @@ func CertConfigToModule(prefix string, m *session.SessionModule, defaults CertCo
 		"Common Name field of the generated HTTPS certificate."))
 }
 
-func CertConfigFromModule(prefix string, m session.SessionModule) (err error, cfg CertConfig) {
+func CertConfigFromModule(prefix string, m session.SessionModule) (cfg CertConfig, err error) {
 	if err, cfg.Bits = m.IntParam(prefix + ".certificate.bits"); err != nil {
-		return err, cfg
+		return cfg, err
 	} else if err, cfg.Country = m.StringParam(prefix + ".certificate.country"); err != nil {
-		return err, cfg
+		return cfg, err
 	} else if err, cfg.Locality = m.StringParam(prefix + ".certificate.locality"); err != nil {
-		return err, cfg
+		return cfg, err
 	} else if err, cfg.Organization = m.StringParam(prefix + ".certificate.organization"); err != nil {
-		return err, cfg
+		return cfg, err
 	} else if err, cfg.OrganizationalUnit = m.StringParam(prefix + ".certificate.organizationalunit"); err != nil {
-		return err, cfg
+		return cfg, err
 	} else if err, cfg.CommonName = m.StringParam(prefix + ".certificate.commonname"); err != nil {
-		return err, cfg
+		return cfg, err
 	}
-	return nil, cfg
+	return cfg, err
 }
 
 func CreateCertificate(cfg CertConfig, ca bool) (*rsa.PrivateKey, []byte, error) {