diff --git a/apps/emqx/etc/emqx.conf b/apps/emqx/etc/emqx.conf
index 19100c41e..bb4c76534 100644
--- a/apps/emqx/etc/emqx.conf
+++ b/apps/emqx/etc/emqx.conf
@@ -2170,7 +2170,7 @@ listener.quic.external = 14567
 ## The path of WebSocket MQTT endpoint
 ##
 ## Value: URL Path
-listener.quic.external.mqtt_path = /mqtt
+listener.quic.external.mqtt_path = "/mqtt"
 
 ## The acceptor pool for external MQTT/QUIC listener.
 ##
@@ -2244,14 +2244,14 @@ listener.quic.external.access.1 = allow all
 ## See: listener.ssl.$name.keyfile
 ##
 ## Value: File
-listener.quic.external.keyfile = {{ platform_etc_dir }}/certs/key.pem
+listener.quic.external.keyfile = "{{ platform_etc_dir }}/certs/key.pem"
 
 ## Path to a file containing the user certificate.
 ##
 ## See: listener.ssl.$name.certfile
 ##
 ## Value: File
-listener.quic.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
+listener.quic.external.certfile = "{{ platform_etc_dir }}/certs/cert.pem"
 
 ## Path to the file containing PEM-encoded CA certificates.
 ##
@@ -2294,7 +2294,7 @@ listener.quic.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
 ## See: listener.ssl.$name.ciphers
 ##
 ## Value: Ciphers
-listener.quic.external.ciphers = TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
+listener.quic.external.ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
 
 ## Ciphers for TLS PSK.
 ## Note that 'listener.quic.external.ciphers' and 'listener.quic.external.psk_ciphers' cannot
@@ -2459,7 +2459,7 @@ listener.quic.external.allow_origin_absence = true
 ## Comma separated list of allowed origin in header for secure websocket connection
 ##
 ## Value: http://url eg. https://localhost:8084, https://127.0.0.1:8084
-listener.quic.external.check_origins = https://localhost:8084, https://127.0.0.1:8084
+listener.quic.external.check_origins = "https://localhost:8084, https://127.0.0.1:8084"
 
 ## CONFIG_SECTION_END=listeners ================================================