diff --git a/authority/provisioner/controller.go b/authority/provisioner/controller.go
index 7e75c0e4..ef96639f 100644
--- a/authority/provisioner/controller.go
+++ b/authority/provisioner/controller.go
@@ -86,6 +86,7 @@ func (c *Controller) newWebhookController(templateData WebhookSetter, certType l
 		TemplateData: templateData,
 		client:       client,
 		webhooks:     c.webhooks,
+		certType:     certType,
 	}
 }
 
diff --git a/authority/provisioner/controller_test.go b/authority/provisioner/controller_test.go
index 37cbfd89..c628f074 100644
--- a/authority/provisioner/controller_test.go
+++ b/authority/provisioner/controller_test.go
@@ -8,6 +8,8 @@ import (
 	"testing"
 	"time"
 
+	"go.step.sm/crypto/x509util"
+	"go.step.sm/linkedca"
 	"golang.org/x/crypto/ssh"
 
 	"github.com/smallstep/certificates/authority/policy"
@@ -445,3 +447,18 @@ func TestDefaultAuthorizeSSHRenew(t *testing.T) {
 		})
 	}
 }
+
+func Test_newWebhookController(t *testing.T) {
+	c := &Controller{}
+	data := x509util.TemplateData{"foo": "bar"}
+	ctl := c.newWebhookController(data, linkedca.Webhook_X509)
+	if !reflect.DeepEqual(ctl.TemplateData, data) {
+		t.Error("Failed to set templateData")
+	}
+	if ctl.certType != linkedca.Webhook_X509 {
+		t.Error("Failed to set certType")
+	}
+	if ctl.client == nil {
+		t.Error("Failed to set client")
+	}
+}