diff --git a/cmd/collector/app/collector.go b/cmd/collector/app/collector.go index 44b1ef47803..ef1122e9341 100644 --- a/cmd/collector/app/collector.go +++ b/cmd/collector/app/collector.go @@ -6,7 +6,6 @@ package app import ( "context" "fmt" - "io" "net/http" "time" @@ -47,13 +46,10 @@ type Collector struct { tenancyMgr *tenancy.Manager // state, read only - hServer *http.Server - grpcServer *grpc.Server - otlpReceiver receiver.Traces - zipkinReceiver receiver.Traces - tlsGRPCCertWatcherCloser io.Closer - tlsHTTPCertWatcherCloser io.Closer - tlsZipkinCertWatcherCloser io.Closer + hServer *http.Server + grpcServer *grpc.Server + otlpReceiver receiver.Traces + zipkinReceiver receiver.Traces } // CollectorParams to construct a new Jaeger Collector. @@ -131,10 +127,6 @@ func (c *Collector) Start(options *flags.CollectorOptions) error { } c.hServer = httpServer - c.tlsGRPCCertWatcherCloser = &options.GRPC.TLS - c.tlsHTTPCertWatcherCloser = &options.HTTP.TLS - c.tlsZipkinCertWatcherCloser = &options.Zipkin.TLS - if options.Zipkin.HTTPHostPort == "" { c.logger.Info("Not listening for Zipkin HTTP traffic, port not configured") } else { @@ -209,17 +201,6 @@ func (c *Collector) Close() error { } } - // watchers actually never return errors from Close - if c.tlsGRPCCertWatcherCloser != nil { - _ = c.tlsGRPCCertWatcherCloser.Close() - } - if c.tlsHTTPCertWatcherCloser != nil { - _ = c.tlsHTTPCertWatcherCloser.Close() - } - if c.tlsZipkinCertWatcherCloser != nil { - _ = c.tlsZipkinCertWatcherCloser.Close() - } - return nil } diff --git a/cmd/collector/app/flags/flags.go b/cmd/collector/app/flags/flags.go index 5c68169c881..f6b556b0f2b 100644 --- a/cmd/collector/app/flags/flags.go +++ b/cmd/collector/app/flags/flags.go @@ -10,6 +10,7 @@ import ( "time" "github.com/spf13/viper" + "go.opentelemetry.io/collector/config/configtls" "go.uber.org/zap" "github.com/jaegertracing/jaeger/cmd/internal/flags" 
@@ -120,7 +121,7 @@ type CollectorOptions struct { // HTTPHostPort is the host:port address that the Zipkin collector service listens in on for http requests HTTPHostPort string // TLS configures secure transport for Zipkin endpoint to collect spans - TLS tlscfg.Options + TLS *configtls.ServerConfig // CORS allows CORS requests , sets the values for Allowed Headers and Allowed Origins. CORS corscfg.Options // KeepAlive configures allow Keep-Alive for Zipkin HTTP server @@ -142,7 +143,7 @@ type HTTPOptions struct { // HostPort is the host:port address that the server listens on HostPort string // TLS configures secure transport for HTTP endpoint - TLS tlscfg.Options + TLS *configtls.ServerConfig // ReadTimeout sets the respective parameter of http.Server ReadTimeout time.Duration // ReadHeaderTimeout sets the respective parameter of http.Server @@ -158,7 +159,7 @@ type GRPCOptions struct { // HostPort is the host:port address that the collector service listens in on for gRPC requests HostPort string // TLS configures secure transport for gRPC endpoint to collect spans - TLS tlscfg.Options + TLS *configtls.ServerConfig // MaxReceiveMessageLength is the maximum message size receivable by the gRPC Collector. MaxReceiveMessageLength int // MaxConnectionAge is a duration for the maximum amount of time a connection may exist. @@ -232,7 +233,7 @@ func (opts *HTTPOptions) initFromViper(v *viper.Viper, _ *zap.Logger, cfg server if err != nil { return fmt.Errorf("failed to parse HTTP TLS options: %w", err) } - opts.TLS = tlsOpts + opts.TLS = tlsOpts.ToOtelServerConfig() return nil } @@ -245,7 +246,7 @@ func (opts *GRPCOptions) initFromViper(v *viper.Viper, _ *zap.Logger, cfg server if err != nil { return fmt.Errorf("failed to parse gRPC TLS options: %w", err) } - opts.TLS = tlsOpts + opts.TLS = tlsOpts.ToOtelServerConfig() opts.Tenancy = tenancy.InitFromViper(v) return nil 
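Review bot: The comment on the Zipkin `TLS` field no longer tells a reader how TLS is switched off, because the field became `*configtls.ServerConfig` and the explicit `Enabled` flag is gone. The consumers visible in this commit treat a nil pointer as "serve plaintext". I would extend the comment to `// TLS configures secure transport for Zipkin endpoint to collect spans; nil means the endpoint is served without TLS`. The same applies to `HTTPOptions.TLS` and `GRPCOptions.TLS` in the next two hunks, and to the `TLSConfig` fields of `GRPCServerParams` and `HTTPServerParams` later in the diff.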
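Review bot: Whether an endpoint ends up plaintext or TLS now rests entirely on `ToOtelServerConfig()` returning nil when TLS is not enabled, and that method is not part of this diff. If it ever returns a non-nil empty config, `opts.TLS = tlsOpts.ToOtelServerConfig()` would push every downstream `!= nil` check into the TLS branch. A flags test that parses with no TLS flags set and asserts the resulting `HTTP.TLS`, `GRPC.TLS` and `Zipkin.TLS` are nil, e.g. `require.Nil(t, c.HTTP.TLS)`, would pin that contract. The same assignment appears for gRPC in the next hunk and for `cOpts.Zipkin.TLS` in `InitFromViper`. All three functions start outside their hunks.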
@@ -282,7 +283,7 @@ func (cOpts *CollectorOptions) InitFromViper(v *viper.Viper, logger *zap.Logger) if err != nil { return cOpts, fmt.Errorf("failed to parse Zipkin TLS options: %w", err) } - cOpts.Zipkin.TLS = tlsZipkin + cOpts.Zipkin.TLS = tlsZipkin.ToOtelServerConfig() cOpts.Zipkin.CORS = corsZipkinFlags.InitFromViper(v) return cOpts, nil diff --git a/cmd/collector/app/handler/otlp_receiver.go b/cmd/collector/app/handler/otlp_receiver.go index c69956dbdfb..1517d3de2df 100644 --- a/cmd/collector/app/handler/otlp_receiver.go +++ b/cmd/collector/app/handler/otlp_receiver.go @@ -103,8 +103,8 @@ func applyGRPCSettings(cfg *configgrpc.ServerConfig, opts *flags.GRPCOptions) { if opts.HostPort != "" { cfg.NetAddr.Endpoint = opts.HostPort } - if opts.TLS.Enabled { - cfg.TLSSetting = opts.TLS.ToOtelServerConfig() + if opts.TLS != nil { + cfg.TLSSetting = opts.TLS } if opts.MaxReceiveMessageLength > 0 { cfg.MaxRecvMsgSizeMiB = int(opts.MaxReceiveMessageLength / (1024 * 1024)) @@ -123,8 +123,8 @@ func applyHTTPSettings(cfg *confighttp.ServerConfig, opts *flags.HTTPOptions) { if opts.HostPort != "" { cfg.Endpoint = opts.HostPort } - if opts.TLS.Enabled { - cfg.TLSSetting = opts.TLS.ToOtelServerConfig() + if opts.TLS != nil { + cfg.TLSSetting = opts.TLS } cfg.CORS = &confighttp.CORSConfig{ diff --git a/cmd/collector/app/handler/otlp_receiver_test.go b/cmd/collector/app/handler/otlp_receiver_test.go index 1f18c3d07bb..cdc67603533 100644 --- a/cmd/collector/app/handler/otlp_receiver_test.go +++ b/cmd/collector/app/handler/otlp_receiver_test.go @@ -12,6 +12,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "go.opentelemetry.io/collector/component" + "go.opentelemetry.io/collector/config/configtls" "go.opentelemetry.io/collector/consumer" "go.opentelemetry.io/collector/pdata/ptrace" "go.opentelemetry.io/collector/pipeline" 
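Review bot: `cfg.TLSSetting = opts.TLS` in `applyGRPCSettings` now stores the caller's pointer, where the old code took the result of a `ToOtelServerConfig()` call and presumably got a fresh value each time. If the same options also feed the native gRPC server (not visible in this hunk), both would share one `configtls.ServerConfig`, and a later write through either path would change TLS settings for both. A shallow copy avoids that: `tlsCopy := *opts.TLS` followed by `cfg.TLSSetting = &tlsCopy`. If sharing is intended, a comment saying so would help. `applyHTTPSettings` in the next hunk has the same assignment, and both functions continue outside their hunks.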
@@ -20,7 +21,6 @@ import ( "github.com/jaegertracing/jaeger/cmd/collector/app/flags" "github.com/jaegertracing/jaeger/pkg/config/corscfg" - "github.com/jaegertracing/jaeger/pkg/config/tlscfg" "github.com/jaegertracing/jaeger/pkg/tenancy" "github.com/jaegertracing/jaeger/pkg/testutils" ) @@ -138,15 +138,16 @@ func TestApplyOTLPGRPCServerSettings(t *testing.T) { MaxReceiveMessageLength: 42 * 1024 * 1024, MaxConnectionAge: 33 * time.Second, MaxConnectionAgeGrace: 37 * time.Second, - TLS: tlscfg.Options{ - Enabled: true, - CAPath: "ca", - CertPath: "cert", - KeyPath: "key", - ClientCAPath: "clientca", - MinVersion: "1.1", - MaxVersion: "1.3", - ReloadInterval: 24 * time.Hour, + TLS: &configtls.ServerConfig{ + ClientCAFile: "clientca", + Config: configtls.Config{ + CAFile: "ca", + CertFile: "cert", + KeyFile: "key", + MinVersion: "1.1", + MaxVersion: "1.3", + ReloadInterval: 24 * time.Hour, + }, }, } applyGRPCSettings(otlpReceiverConfig.GRPC, grpcOpts) @@ -173,15 +174,16 @@ func TestApplyOTLPHTTPServerSettings(t *testing.T) { httpOpts := &flags.HTTPOptions{ HostPort: ":12345", - TLS: tlscfg.Options{ - Enabled: true, - CAPath: "ca", - CertPath: "cert", - KeyPath: "key", - ClientCAPath: "clientca", - MinVersion: "1.1", - MaxVersion: "1.3", - ReloadInterval: 24 * time.Hour, + TLS: &configtls.ServerConfig{ + ClientCAFile: "clientca", + Config: configtls.Config{ + CAFile: "ca", + CertFile: "cert", + KeyFile: "key", + MinVersion: "1.1", + MaxVersion: "1.3", + ReloadInterval: 24 * time.Hour, + }, }, CORS: corscfg.Options{ AllowedOrigins: []string{"http://example.domain.com", "http://*.domain.com"}, diff --git a/cmd/collector/app/handler/zipkin_receiver_tls_test.go b/cmd/collector/app/handler/zipkin_receiver_tls_test.go index 2a52097f22d..5da0b6694d5 100644 --- a/cmd/collector/app/handler/zipkin_receiver_tls_test.go +++ b/cmd/collector/app/handler/zipkin_receiver_tls_test.go 
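Review bot: Both updated fixtures set a non-nil `TLS`, so the `opts.TLS == nil` branch that now means "TLS disabled" has no case in `TestApplyOTLPGRPCServerSettings` or `TestApplyOTLPHTTPServerSettings`, as far as these hunks show. A case that leaves `TLS` unset and asserts the receiver config's `TLSSetting` stays nil would cover it. The fixtures also carry over `MinVersion: "1.1"`. If the value only needs to be recognisable in the assertions, `"1.2"` avoids modelling a deprecated protocol floor in test data that tends to get copied. Both test functions continue outside the hunks, so existing assertions may need the same value change.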
@@ -163,7 +163,7 @@ func TestSpanCollectorZipkinTLS(t *testing.T) { opts := &flags.CollectorOptions{} opts.Zipkin.HTTPHostPort = ports.PortToHostPort(ports.CollectorZipkin) - opts.Zipkin.TLS = test.serverTLS + opts.Zipkin.TLS = test.serverTLS.ToOtelServerConfig() server, err := StartZipkinReceiver(opts, logger, spanProcessor, tm) if test.expectServerFail { diff --git a/cmd/collector/app/server/grpc.go b/cmd/collector/app/server/grpc.go index d08ec69fc99..b9fbdbf41da 100644 --- a/cmd/collector/app/server/grpc.go +++ b/cmd/collector/app/server/grpc.go @@ -9,6 +9,7 @@ import ( "net" "time" + "go.opentelemetry.io/collector/config/configtls" "go.uber.org/zap" "google.golang.org/grpc" "google.golang.org/grpc/credentials" @@ -20,13 +21,12 @@ import ( "github.com/jaegertracing/jaeger/cmd/collector/app/handler" "github.com/jaegertracing/jaeger/cmd/collector/app/sampling" "github.com/jaegertracing/jaeger/cmd/collector/app/sampling/samplingstrategy" - "github.com/jaegertracing/jaeger/pkg/config/tlscfg" "github.com/jaegertracing/jaeger/proto-gen/api_v2" ) // GRPCServerParams to construct a new Jaeger Collector gRPC Server type GRPCServerParams struct { - TLSConfig tlscfg.Options + TLSConfig *configtls.ServerConfig HostPort string Handler *handler.GRPCHandler SamplingProvider samplingstrategy.Provider @@ -53,9 +53,9 @@ func StartGRPCServer(params *GRPCServerParams) (*grpc.Server, error) { MaxConnectionAgeGrace: params.MaxConnectionAgeGrace, })) - if params.TLSConfig.Enabled { + if params.TLSConfig != nil { // user requested a server with TLS, setup creds - tlsCfg, err := params.TLSConfig.ToOtelServerConfig().LoadTLSConfig(context.Background()) + tlsCfg, err := params.TLSConfig.LoadTLSConfig(context.Background()) if err != nil { return nil, err } diff --git a/cmd/collector/app/server/grpc_test.go b/cmd/collector/app/server/grpc_test.go index 620a1668e85..d16623138dc 100644 --- a/cmd/collector/app/server/grpc_test.go +++ b/cmd/collector/app/server/grpc_test.go 
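Review bot: In `StartGRPCServer` the `params.TLSConfig != nil` check is now the only thing separating a TLS listener from a plaintext one, and the plaintext path shown here is silent. Unless this is already logged elsewhere, an `else` branch such as `params.Logger.Info("gRPC server starting without TLS")` would make a configuration that unexpectedly resolved to nil visible at startup. The error from `LoadTLSConfig` is also returned bare (`return nil, err`); adding context that names the gRPC endpoint would make startup failures easier to attribute. The function body continues outside the hunk.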
@@ -87,16 +87,17 @@ func TestSpanCollector(t *testing.T) { func TestCollectorStartWithTLS(t *testing.T) { logger, _ := zap.NewDevelopment() + opts := tlscfg.Options{ + Enabled: true, + CertPath: testCertKeyLocation + "/example-server-cert.pem", + KeyPath: testCertKeyLocation + "/example-server-key.pem", + ClientCAPath: testCertKeyLocation + "/example-CA-cert.pem", + } params := &GRPCServerParams{ Handler: handler.NewGRPCHandler(logger, &mockSpanProcessor{}, &tenancy.Manager{}), SamplingProvider: &mockSamplingProvider{}, Logger: logger, - TLSConfig: tlscfg.Options{ - Enabled: true, - CertPath: testCertKeyLocation + "/example-server-cert.pem", - KeyPath: testCertKeyLocation + "/example-server-key.pem", - ClientCAPath: testCertKeyLocation + "/example-CA-cert.pem", - }, + TLSConfig: opts.ToOtelServerConfig(), } server, err := StartGRPCServer(params) require.NoError(t, err) diff --git a/cmd/collector/app/server/http.go b/cmd/collector/app/server/http.go index b02a4319b36..411df873b2e 100644 --- a/cmd/collector/app/server/http.go +++ b/cmd/collector/app/server/http.go @@ -10,13 +10,13 @@ import ( "time" "github.com/gorilla/mux" + "go.opentelemetry.io/collector/config/configtls" "go.uber.org/zap" "go.uber.org/zap/zapcore" "github.com/jaegertracing/jaeger/cmd/collector/app/handler" "github.com/jaegertracing/jaeger/cmd/collector/app/sampling/samplingstrategy" clientcfgHandler "github.com/jaegertracing/jaeger/pkg/clientcfg/clientcfghttp" - "github.com/jaegertracing/jaeger/pkg/config/tlscfg" "github.com/jaegertracing/jaeger/pkg/healthcheck" "github.com/jaegertracing/jaeger/pkg/httpmetrics" "github.com/jaegertracing/jaeger/pkg/metrics" @@ -25,7 +25,7 @@ import ( // HTTPServerParams to construct a new Jaeger Collector HTTP Server type HTTPServerParams struct { - TLSConfig tlscfg.Options + TLSConfig *configtls.ServerConfig HostPort string Handler handler.JaegerBatchesHandler SamplingProvider samplingstrategy.Provider 
@@ -53,8 +53,8 @@ func StartHTTPServer(params *HTTPServerParams) (*http.Server, error) { IdleTimeout: params.IdleTimeout, ErrorLog: errorLog, } - if params.TLSConfig.Enabled { - tlsCfg, err := params.TLSConfig.ToOtelServerConfig().LoadTLSConfig(context.Background()) + if params.TLSConfig != nil { + tlsCfg, err := params.TLSConfig.LoadTLSConfig(context.Background()) if err != nil { return nil, err } @@ -91,7 +91,7 @@ func serveHTTP(server *http.Server, listener net.Listener, params *HTTPServerPar server.Handler = httpmetrics.Wrap(recoveryHandler(r), params.MetricsFactory, params.Logger) go func() { var err error - if params.TLSConfig.Enabled { + if params.TLSConfig != nil { err = server.ServeTLS(listener, "", "") } else { err = server.Serve(listener) diff --git a/cmd/collector/app/server/http_test.go b/cmd/collector/app/server/http_test.go index 82b14b77916..b72cfc54039 100644 --- a/cmd/collector/app/server/http_test.go +++ b/cmd/collector/app/server/http_test.go @@ -51,7 +51,7 @@ func TestCreateTLSHTTPServerError(t *testing.T) { HostPort: fmt.Sprintf(":%d", ports.CollectorHTTP), HealthCheck: healthcheck.New(), Logger: logger, - TLSConfig: tlsCfg, + TLSConfig: tlsCfg.ToOtelServerConfig(), } _, err := StartHTTPServer(params) require.Error(t, err) @@ -194,7 +194,7 @@ func TestSpanCollectorHTTPS(t *testing.T) { MetricsFactory: mFact, HealthCheck: healthcheck.New(), Logger: logger, - TLSConfig: test.TLS, + TLSConfig: test.TLS.ToOtelServerConfig(), } server, err := StartHTTPServer(params)
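Review bot: `serveHTTP` chooses `server.ServeTLS(listener, "", "")` from `params.TLSConfig != nil`, while the certificates that call needs come from whatever `StartHTTPServer` put on the server after `LoadTLSConfig`; that assignment is outside the hunk. With empty file arguments, `ServeTLS` depends on the server's own TLS config carrying certificates. A non-nil `ServerConfig` without `CertFile`/`KeyFile` would therefore presumably fail only inside the goroutine, after `StartHTTPServer` has already returned a nil error. Gating on the server itself, `if server.TLSConfig != nil {`, keeps the two decisions from drifting apart. Alternatively, `StartHTTPServer` could reject a config that lacks a certificate and key before it starts listening.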