diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix
index b0f8fde..9b6575d 100644
--- a/modules/services/forgejo.nix
+++ b/modules/services/forgejo.nix
@@ -25,13 +25,20 @@
 };
 };
 
+ security.acme.certs."${config.services.forgejo.settings.server.DOMAIN}" = {
+ domain = "${config.homelab.authDomain}";
+ dnsProvider = "cloudflare";
+ dnsResolver = "1.1.1.1:53";
+ dnsPropagationCheck = true;
+ };
+
 # forgejo has user keys under its own .ssh/authorizedKeys file.
 # nix blocks me from using users.users..openssh.authorizedKeys.keyFiles
 # in order to only allow that to the forgejo user as it has "/var"
 services.openssh.authorizedKeysInHomedir = lib.mkForce true;
 
- services.caddy.virtualHosts."git.${config.homelab.publicDomain}" = {
- useACMEHost = config.homelab.domain;
+ services.caddy.virtualHosts."${config.services.forgejo.settings.server.DOMAIN}" = {
+ useACMEHost = config.services.forgejo.settings.server.DOMAIN;
 extraConfig = ''
 reverse_proxy http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}
 '';
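Review bot: The new `security.acme.certs` entry is keyed by the Forgejo `DOMAIN` but sets `domain = "${config.homelab.authDomain}";`, so the certificate that Caddy loads through `useACMEHost` is issued for the auth domain rather than for the host this virtual host serves. Unless `authDomain` is the same name or a wildcard covering the Forgejo host (its value is not visible in this hunk), clients will see a certificate name mismatch. Either drop the `domain` line so it defaults to the attribute name, or list the Forgejo host under `extraDomainNames`. The entry also sets `dnsProvider = "cloudflare";` without an `environmentFile`; presumably the credentials come from `security.acme.defaults`, and it is worth confirming they are a zone-scoped DNS-edit token read from a secrets file outside the Nix store. The enclosing attribute set starts and ends outside the hunk.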