diff --git a/deploy/docker/prod/Dockerfile b/deploy/docker/prod/Dockerfile
index 37a36859..9055526b 100644
--- a/deploy/docker/prod/Dockerfile
+++ b/deploy/docker/prod/Dockerfile
@@ -21,7 +21,7 @@ EXPOSE "${APP_PORT}"
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 
 # Default command is to launch the server
-CMD ["bash", "-c", "${APP_DIR}/script/uwsgi_server"]
+CMD ["bash", "-c", "crond -b && ${APP_DIR}/script/uwsgi_server"]
 
 ### Items that will change almost every build
 #############################################
@@ -41,6 +41,9 @@ WORKDIR ${APP_DIR}
 RUN set -x ; \
   script/alpine_setup "${APP_USER}" "${APP_GROUP}"
 
+# add sync-crl cronjob for atst user
+RUN echo "1 */6 * * * /opt/atat/atst/script/sync-crls tests/crl-tmp" >> /etc/crontabs/atst
+
 # Update file ownership
 RUN set -x ; \
   for subdir in $(find . -type d -maxdepth 1 | grep -Ee '.[^/]' | grep -Fve 'node_modules'); do chown atst:atat -R ${subdir}; done
diff --git a/script/sync-crls b/script/sync-crls
index a8a3ff97..3b4eb027 100755
--- a/script/sync-crls
+++ b/script/sync-crls
@@ -4,11 +4,17 @@
 set -e
 cd "$(dirname "$0")/.."
 
-mkdir -p crl-tmp
-pipenv run python ./atst/domain/authnid/crl/util.py crl-tmp crl
+if [[ $# -eq 0 ]]; then
+  TMP_DIR=crl-tmp
+else
+  TMP_DIR=$1
+fi
+
+mkdir -p $TMP_DIR
+pipenv run python ./atst/domain/authnid/crl/util.py $TMP_DIR crl
 mkdir -p crl
-rsync -rq --min-size 400 crl-tmp/. crl/.
-rm -rf crl-tmp
+rsync -rq --min-size 400 $TMP_DIR/. crl/.
+rm -rf $TMP_DIR
 
 if [[ $FLASK_ENV != "prod" ]]; then
   # place our test CRL there