diff --git a/docs/backup_and_restore.rst b/docs/backup_and_restore.rst
index c3f50d4133..2e37e49d3a 100644
--- a/docs/backup_and_restore.rst
+++ b/docs/backup_and_restore.rst
@@ -156,6 +156,12 @@ to update the corresponding files on the *Admin Workstation*:
 * ``app-journalist-aths``
 * ``app-ssh-aths``
 
+The Onion URLs above can be fetched using the installer:
+
+.. code:: sh
+
+   ./securedrop-admin install
+
 Then rerun ``./securedrop-admin tailsconfig`` to update the *Admin Workstation*
 to use the restored Onion URLs again. See :doc:`configure_admin_workstation_post_install`
 for detailed instructions.
diff --git a/install_files/ansible-base/roles/restore/files/restore.py b/install_files/ansible-base/roles/restore/files/restore.py
index 7d51f7c677..7285132530 100755
--- a/install_files/ansible-base/roles/restore/files/restore.py
+++ b/install_files/ansible-base/roles/restore/files/restore.py
@@ -8,6 +8,7 @@
 """
 
 import os
+import shutil
 import subprocess
 import sys
 import tarfile
@@ -35,18 +36,29 @@ def verify_args():
 def main():
     verify_args()
 
+    # Remove the /var/lib/tor/services directories to purge values that may have been
+    # generated by running the ansible playbooks
+    for d in ['journalist', 'source']:
+        full_path = os.path.join('/var/lib/tor/services', d)
+        if os.path.exists(full_path):
+            shutil.rmtree(full_path)
+
     with tarfile.open(sys.argv[1], 'r:*') as backup:
         # This assumes that both the old installation (source of the backup)
         # and the new installation (destination of the restore) used the
         # default paths for various locations.
         backup.extractall(path='/')
 
+    # Apply database migrations (if backed-up version < version to restore)
+    subprocess.check_call(['dpkg-reconfigure', 'securedrop-app-code'])
+
+    # Update the configs
+    subprocess.check_call(['dpkg-reconfigure', 'securedrop-config'])
+
     # Reload Tor and the web server so they pick up the new configuration
     # If the process exits with a non-zero return code, raises an exception.
     subprocess.check_call(['service', 'apache2', 'restart'])
     subprocess.check_call(['service', 'tor', 'reload'])
-    # Apply database migrations (if backed-up version < version to restore)
-    subprocess.check_call(['dpkg-reconfigure', 'securedrop-app-code'])
 
 
 if __name__ == "__main__":