diff --git a/modules/cloonar-assistant/home-assistant/default.nix b/modules/cloonar-assistant/home-assistant/default.nix
index f037fa6..bedd47e 100644
--- a/modules/cloonar-assistant/home-assistant/default.nix
+++ b/modules/cloonar-assistant/home-assistant/default.nix
@@ -92,13 +92,23 @@ in
   };
   users.groups.hass.gid = gid;
 
+  users.users.nginx.extraGroups = [ "ssl-users" ];
+
   services.nginx.enable = true;
   services.nginx.virtualHosts."${domain}" = {
     root = "/var/www";
+    sslCertificate = "/var/lib/acme/${domain}/fullchain.pem";
+    sslCertificateKey = "/var/lib/acme/${domain}/key.pem";
+    sslTrustedCertificate = "/var/lib/acme/${domain}/chain.pem";
+    
     forceSSL = true;
     extraConfig = ''
       proxy_buffering off;
     '';
+    location.""^~ /.well-known/acme-challenge/".extraConfig = ''
+      auth_basic off;
+      auth_request off;
+    '';
     locations."/".extraConfig = ''
       proxy_pass http://10.233.0.2:8123;
       proxy_set_header Host $host;