diff --git a/pkg/runner/aggregate_sender.go b/pkg/runner/aggregate_sender.go
index 440835e..306f410 100644
--- a/pkg/runner/aggregate_sender.go
+++ b/pkg/runner/aggregate_sender.go
@@ -26,6 +26,7 @@ type aggregateSender struct {
 aggrecURL *url.URL
 caCertPool *x509.CertPool
 signingHTTPClient *httpsign.Client
+ httpTransport *http.Transport
 }
 func (edm *dnstapMinimiser) newAggregateSender(aggrecURL *url.URL, signingJwk jwk.Key, caCertPool *x509.CertPool) (aggregateSender, error) {
@@ -37,21 +38,22 @@ func (edm *dnstapMinimiser) newAggregateSender(aggrecURL *url.URL, signingJwk jw
 }
 // Create HTTP handler for sending aggregate files to aggrec
- httpClient := http.Client{
- Transport: &http.Transport{
- Dial: (&net.Dialer{
- Timeout: 30 * time.Second,
- KeepAlive: 30 * time.Second,
- }).Dial,
- TLSHandshakeTimeout: 10 * time.Second,
- ResponseHeaderTimeout: 10 * time.Second,
- TLSClientConfig: &tls.Config{
- RootCAs: caCertPool,
- GetClientCertificate: edm.httpClientCertStore.getClientCertificate,
- MinVersion: tls.VersionTLS13,
- },
+ httpTransport := &http.Transport{
+ Dial: (&net.Dialer{
+ Timeout: 30 * time.Second,
+ KeepAlive: 30 * time.Second,
+ }).Dial,
+ TLSHandshakeTimeout: 10 * time.Second,
+ ResponseHeaderTimeout: 10 * time.Second,
+ TLSClientConfig: &tls.Config{
+ RootCAs: caCertPool,
+ GetClientCertificate: edm.httpClientCertStore.getClientCertificate,
+ MinVersion: tls.VersionTLS13,
 },
 }
+ httpClient := http.Client{
+ Transport: httpTransport,
+ }
 edm.log.Info("creating HTTP signer", "key_id", signingJwk.KeyID(), "key_alg", signingJwk.Algorithm())
@@ -70,6 +72,7 @@ func (edm *dnstapMinimiser) newAggregateSender(aggrecURL *url.URL, signingJwk jw
 aggrecURL: aggrecURL,
 caCertPool: caCertPool,
 signingHTTPClient: client,
+ httpTransport: httpTransport,
 }, nil
 }
diff --git a/pkg/runner/runner.go b/pkg/runner/runner.go
index 17cb068..2788c28 100644
--- a/pkg/runner/runner.go
+++ b/pkg/runner/runner.go
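Review bot: The `http.Transport` literal in newAggregateSender (second hunk of pkg/runner/aggregate_sender.go) sets no `IdleConnTimeout`, and on a hand-built transport the zero value means pooled connections have no idle limit, so the only thing that releases them is the explicit `CloseIdleConnections()` call this commit adds in runner.go. Adding `IdleConnTimeout: 90 * time.Second,` next to `ResponseHeaderTimeout` would bound how long a TLS connection set up with the client certificate stays pooled even when the sender is never replaced. While the literal is being moved, note that `Dial` is deprecated in favour of `DialContext`, i.e. `DialContext: (&net.Dialer{...}).DialContext,`. The function body starts before and continues after this hunk.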
@@ -645,12 +645,18 @@ func (edm *dnstapMinimiser) setupHistogramSender() error {
 }
 edm.aggregSenderMutex.Lock()
+ oldAggregSender := edm.aggregSender
 edm.aggregSender, err = edm.newAggregateSender(httpURL, httpSigningJwk, httpCACertPool)
 edm.aggregSenderMutex.Unlock()
 if err != nil {
 return fmt.Errorf("setupHistogramSender: unable to create aggregate sender: %w", err)
 }
+ // Close idle connections in the old HTTP client to release resources
+ if oldAggregSender.httpTransport != nil {
+ oldAggregSender.httpTransport.CloseIdleConnections()
+ }
+
 return nil
 }
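Review bot: On the error path the new cleanup never runs and the shared field has already been overwritten: `edm.aggregSender, err = edm.newAggregateSender(...)` assigns under the lock before `err` is checked, so a failed rebuild replaces the working sender with whatever value accompanies the error (not visible here), and the early return skips `CloseIdleConnections()` on `oldAggregSender`. Building the new sender into a local first and swapping only on success would keep the previous sender, with its signing client and TLS settings, in use when reconfiguration fails, and it also keeps the constructor out of the critical section. The existing comment could also say that only idle connections are closed and in-flight requests on the old transport are left to finish. setupHistogramSender starts outside this hunk.

```go
// Build the replacement before touching shared state, so a failure leaves
// the current sender in place.
newSender, err := edm.newAggregateSender(httpURL, httpSigningJwk, httpCACertPool)
if err != nil {
	return fmt.Errorf("setupHistogramSender: unable to create aggregate sender: %w", err)
}

edm.aggregSenderMutex.Lock()
oldAggregSender := edm.aggregSender
edm.aggregSender = newSender
edm.aggregSenderMutex.Unlock()

// … unchanged: CloseIdleConnections on oldAggregSender.httpTransport, return nil …
```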