diff --git a/pkg/webhook/server.go b/pkg/webhook/server.go
index 6724cee8db..de214d9e95 100644
--- a/pkg/webhook/server.go
+++ b/pkg/webhook/server.go
@@ -27,6 +27,7 @@ import (
 
 	"k8s.io/apimachinery/pkg/runtime"
 	apitypes "k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 	"sigs.k8s.io/controller-runtime/pkg/runtime/inject"
@@ -219,11 +220,9 @@ func (s *Server) run(stop <-chan struct{}) error {
 		errCh <- srv.ListenAndServeTLS(path.Join(s.CertDir, writer.ServerCertName), path.Join(s.CertDir, writer.ServerKeyName))
 	}
 
+	timer := time.Tick(wait.Jitter(6*30*24*time.Hour, 0.1))
 	go serveFn()
 	for {
-		// TODO(mengqiy): add jitter to the timer
-		// Could use https://godoc.org/k8s.io/apimachinery/pkg/util/wait#Jitter
-		timer := time.Tick(6 * 30 * 24 * time.Hour)
 		select {
 		case <-timer:
 			changed, err := s.RefreshCert()
@@ -240,11 +239,16 @@ func (s *Server) run(stop <-chan struct{}) error {
 				log.Error(err, "encountering error when shutting down")
 				return err
 			}
+			timer = time.Tick(wait.Jitter(6*30*24*time.Hour, 0.1))
 			go serveFn()
 		case <-stop:
 			return nil
 		case e := <-errCh:
-			return e
+			// Don't exit when getting an http.ErrServerClosed error.
+			// We will get this error each time we restart the server.
+			if e != http.ErrServerClosed {
+				return e
+			}
 		}
 	}
 }