diff --git a/sanic/__main__.py b/sanic/__main__.py
index 322d735d..b6a66b8e 100644
--- a/sanic/__main__.py
+++ b/sanic/__main__.py
@@ -28,10 +28,13 @@ if __name__ == "__main__":
             raise ValueError("Module is not a Sanic app, it is a {}.  "
                              "Perhaps you meant {}.app?"
                              .format(type(app).__name__, args.module))
+        if args.cert is not None or args.key is not None:
+            ssl = {'cert': args.cert, 'key': args.key}
+        else:
+            ssl = None
 
         app.run(host=args.host, port=args.port,
-                workers=args.workers, debug=args.debug,
-                cert=args.cert, key=args.key)
+                workers=args.workers, debug=args.debug, ssl=ssl)
     except ImportError:
         log.error("No module named {} found.\n"
                   "  Example File: project/sanic_server.py -> app\n"
diff --git a/sanic/app.py b/sanic/app.py
index 1d9a4987..ad4d7923 100644
--- a/sanic/app.py
+++ b/sanic/app.py
@@ -7,7 +7,7 @@ from functools import partial
 from inspect import isawaitable, stack, getmodulename
 from traceback import format_exc
 from urllib.parse import urlencode, urlunparse
-from ssl import create_default_context
+from ssl import create_default_context, Purpose
 
 from sanic.config import Config
 from sanic.constants import HTTP_METHODS
@@ -635,9 +635,9 @@ class Sanic:
             # try common aliaseses
             cert = ssl.get('cert') or ssl.get('certificate')
             key = ssl.get('key') or ssl.get('keyfile')
-            if not cert and key:
+            if cert is None or key is None:
                 raise ValueError("SSLContext or certificate and key required.")
-            context = create_default_context(purpose=ssl.Purpose.CLIENT_AUTH)
+            context = create_default_context(purpose=Purpose.CLIENT_AUTH)
             context.load_cert_chain(cert, keyfile=key)
             ssl = context
         if stop_event is not None: