diff --git a/config/hosts/grondahl/data/secrets/acme_anarkafem_dev b/config/hosts/grondahl/data/secrets/acme_anarkafem_dev
deleted file mode 100644
index 5e08a24..0000000
Binary files a/config/hosts/grondahl/data/secrets/acme_anarkafem_dev and /dev/null differ
diff --git a/config/hosts/grondahl/data/secrets/secrets.nix b/config/hosts/grondahl/data/secrets/secrets.nix
index 1feacfc..249edb2 100644
Binary files a/config/hosts/grondahl/data/secrets/secrets.nix and b/config/hosts/grondahl/data/secrets/secrets.nix differ
diff --git a/config/hosts/grondahl/services/acme.nix b/config/hosts/grondahl/services/acme.nix
index a69f94e..076f91c 100644
--- a/config/hosts/grondahl/services/acme.nix
+++ b/config/hosts/grondahl/services/acme.nix
@@ -4,11 +4,6 @@
   security.acme = {
     acceptTerms = true;
     email = "admin+certs@anarkafem.dev";
-    certs."anarkafem.dev" = {
-      extraDomainNames = [ "*.anarkafem.dev" ];
-      dnsProvider = "hurricane";
-      credentialsFile = config.secrets.files.acme_anarkafem_dev.file;
-    };
   };
 }
 
diff --git a/config/hosts/grondahl/services/nginx.nix b/config/hosts/grondahl/services/nginx.nix
index 9d2edcd..2195ebe 100644
--- a/config/hosts/grondahl/services/nginx.nix
+++ b/config/hosts/grondahl/services/nginx.nix
@@ -2,7 +2,7 @@
   imports = [ ../../../common/services/nginx.nix ];
   services.nginx.virtualHosts = {
     "anarkafem.dev" = {
-      useACMEHost = "anarkafem.dev";
+      enableACME = true;
       forceSSL = true;
       locations."/".root = "/var/www/anarkafem.dev/public";
       locations."/_matrix/".proxyPass = "http://127.0.0.1:8008";
@@ -21,12 +21,12 @@
       };
     };
 		"cal.anarkafem.dev" = {
-			useACMEHost = "anarkafem.dev";
+			enableACME = true;
 			forceSSL = true;
 			locations."/".proxyPass = "http://127.0.0.1:4000";
 		};
 		"auth.anarkafem.dev" = {
-			useACMEHost = "anarkafem.dev";
+			enableACME = true;
 			forceSSL = true;
 			locations."/".proxyPass = "http://127.0.0.1:9000";
 		};
diff --git a/config/hosts/wind/data/secrets/acme_graven_dev.env b/config/hosts/wind/data/secrets/acme_graven_dev.env
deleted file mode 100644
index cd4a5e2..0000000
Binary files a/config/hosts/wind/data/secrets/acme_graven_dev.env and /dev/null differ
diff --git a/config/hosts/wind/data/secrets/acme_graven_se.env b/config/hosts/wind/data/secrets/acme_graven_se.env
deleted file mode 100644
index 7ac992b..0000000
Binary files a/config/hosts/wind/data/secrets/acme_graven_se.env and /dev/null differ
diff --git a/config/hosts/wind/data/secrets/secrets.nix b/config/hosts/wind/data/secrets/secrets.nix
index 5592aaf..815cba8 100644
Binary files a/config/hosts/wind/data/secrets/secrets.nix and b/config/hosts/wind/data/secrets/secrets.nix differ
diff --git a/config/hosts/wind/services/acme.nix b/config/hosts/wind/services/acme.nix
index 862d516..62ae467 100644
--- a/config/hosts/wind/services/acme.nix
+++ b/config/hosts/wind/services/acme.nix
@@ -4,18 +4,6 @@
   security.acme = {
     acceptTerms = true;
     email = "admin+certs@graven.dev";
-		certs = {
-			"graven.dev" = {
-				extraDomainNames = [ "*.graven.dev" ];
-				dnsProvider = "hurricane";
-				credentialsFile = config.secrets.files.acme_graven_dev.file;
-			};
-			"graven.se" = {
-				extraDomainNames = [ "*.graven.se" ];
-				dnsProvider = "hurricane";
-				credentialsFile = config.secrets.files.acme_graven_se.file;
-			};
-		};
   };
 }
 
diff --git a/config/hosts/wind/services/nginx.nix b/config/hosts/wind/services/nginx.nix
index e219049..a440332 100644
--- a/config/hosts/wind/services/nginx.nix
+++ b/config/hosts/wind/services/nginx.nix
@@ -2,7 +2,7 @@
 	imports = [ ../../../common/services/nginx.nix ];
 	services.nginx.virtualHosts = {
 		"graven.dev" = {
-			useACMEHost = "graven.dev";
+			enableACME = true;
 			forceSSL = true;
 			locations."/".root = "/var/www/graven.dev/public";
 			locations."/_matrix".proxyPass = "http://127.0.0.1:8008";
@@ -21,17 +21,17 @@
 			};
 		};
 		"rss.graven.dev" = {
-			useACMEHost = "graven.dev";
+			enableACME = true;
 			forceSSL = true;
 		};
 		"git.graven.dev" = {
-			useACMEHost = "graven.dev";
+			enableACME = true;
 			forceSSL = true;
 			locations."/".proxyPass = "http://unix:/run/gitea/gitea.sock:";
 		};
 		"vault.graven.dev" = {
 			forceSSL = true;
-			useACMEHost = "graven.dev";
+			enableACME = true;
 			locations."/" = {
 				proxyPass = "http://localhost:8812";
 				proxyWebsockets = true;
@@ -47,7 +47,7 @@
 		};
 		"openpgpkey.graven.dev" = {
 			forceSSL = true;
-			useACMEHost = "graven.dev";
+			enableACME = true;
 			locations."/" = {
 				root = "/var/www/openpgpkey";
 				extraConfig = ''
@@ -63,7 +63,7 @@
 		};
 		"openpgpkey.graven.se" = {
 			forceSSL = true;
-			useACMEHost = "graven.se";
+			enableACME = true;
 			locations."/" = {
 				root = "/var/www/openpgpkey";
 				extraConfig = ''
@@ -79,7 +79,7 @@
 		};
 		"tor.graven.dev" = {
 			forceSSL = true;
-			useACMEHost = "graven.dev";
+			enableACME = true;
 			locations."/" = {
 				root = "/var/www/tor";
 				extraConfig = ''