diff --git a/README.md b/README.md
index 5646214..f79a1d4 100644
--- a/README.md
+++ b/README.md
@@ -138,7 +138,7 @@ http {
 Additional configuration options can be set on the `auto_ssl` instance that is created:
 
 ### `allow_domain`
-*Default:* `function(domain, auto_ssl) return false end`
+*Default:* `function(domain, auto_ssl, ssl_options) return false end`
 
 A function that determines whether the incoming domain should automatically issue a new SSL certificate.
 
@@ -154,6 +154,8 @@ auto_ssl:set("allow_domain", function(domain, auto_ssl)
 end)
 ```
 
+Use `ssl_options` to make the behavior vary based on port - see the example in listed for `request_domain` for details.
+
 ### `dir`
 *Default:* `/etc/resty-auto-ssl`
 
diff --git a/lib/resty/auto-ssl/ssl_certificate.lua b/lib/resty/auto-ssl/ssl_certificate.lua
index 1e23b87..70d3a78 100644
--- a/lib/resty/auto-ssl/ssl_certificate.lua
+++ b/lib/resty/auto-ssl/ssl_certificate.lua
@@ -122,7 +122,7 @@ local function get_cert_der(auto_ssl_instance, domain, ssl_options)
   -- We may want to consider caching the results of allow_domain lookups
   -- (including negative caching or disallowed domains).
   local allow_domain = auto_ssl_instance:get("allow_domain")
-  if not allow_domain(domain, auto_ssl_instance) then
+  if not allow_domain(domain, auto_ssl_instance, ssl_options) then
     return nil, "domain not allowed"
   end