diff --git a/clanServices/sshd/default.nix b/clanServices/sshd/default.nix
index deb5bbc9e..08fde5f27 100644
--- a/clanServices/sshd/default.nix
+++ b/clanServices/sshd/default.nix
@@ -180,8 +180,9 @@
               settings.PasswordAuthentication = false;
 
               settings.HostCertificate = lib.mkIf (
-                config.clan.core.vars.generators.openssh-cert.files."ssh.id_ed25519-cert.pub".exists
-                && settings.certificate.searchDomains != [ ]
+                # this check needs to go first, as otherwise generators.openssh-cert does not exist
+                settings.certificate.searchDomains != [ ]
+                && config.clan.core.vars.generators.openssh-cert.files."ssh.id_ed25519-cert.pub".exists
               ) config.clan.core.vars.generators.openssh-cert.files."ssh.id_ed25519-cert.pub".path;
 
               hostKeys = [
diff --git a/clanServices/sshd/flake-module.nix b/clanServices/sshd/flake-module.nix
index 11b7d02a4..6514a8293 100644
--- a/clanServices/sshd/flake-module.nix
+++ b/clanServices/sshd/flake-module.nix
@@ -10,9 +10,14 @@ in
   perSystem =
     { ... }:
     {
-      clan.nixosTests.sshd = {
+      clan.nixosTests.service-sshd = {
         imports = [ ./tests/vm/default.nix ];
 
+        clan.modules."@clan/sshd" = module;
+      };
+      clan.nixosTests.service-sshd-no-search-domains = {
+        imports = [ ./tests/vm/no-search-domains.nix ];
+
         clan.modules."@clan/sshd" = module;
       };
     };
diff --git a/clanServices/sshd/tests/vm/no-search-domains.nix b/clanServices/sshd/tests/vm/no-search-domains.nix
new file mode 100644
index 000000000..0a98c64bf
--- /dev/null
+++ b/clanServices/sshd/tests/vm/no-search-domains.nix
@@ -0,0 +1,45 @@
+/*
+  This is a regression test for the following error:
+  error: attribute 'openssh-cert' missing
+  at /nix/store/y1k4bqwjql6bhlry456cs4marpamiqlr-source/clanServices/sshd/default.nix:184:17:
+    183|                 # this check needs to go first, as otherwise generators.openssh-cert does not exist
+    184|                 config.clan.core.vars.generators.openssh-cert.files."ssh.id_ed25519-cert.pub".exists
+        |                 ^
+    185|                 && settings.certificate.searchDomains != [ ]
+*/
+{
+  ...
+}:
+{
+  name = "service-sshd";
+
+  clan = {
+    directory = ./.;
+    inventory = {
+      machines.server = { };
+      machines.client = { };
+
+      instances = {
+        sshd-test = {
+          module.name = "@clan/sshd";
+          module.input = "self";
+          roles.server.machines."server".settings = {
+            hostKeys.rsa.enable = true;
+          };
+          roles.client.machines."client".settings = {
+          };
+        };
+      };
+    };
+  };
+
+  nodes = {
+    server = { };
+    client = { };
+  };
+
+  testScript = ''
+    # don't do anything, just evaluate the machines
+    exit(0)
+  '';
+}