diff --git a/hosts/h001/containers/dawarich.nix b/hosts/h001/containers/dawarich.nix
index 337bc25b..9f8913a8 100644
--- a/hosts/h001/containers/dawarich.nix
+++ b/hosts/h001/containers/dawarich.nix
@@ -100,9 +100,10 @@ in
   options = { };
 
   config = {
-    services.nginx.virtualHosts."${domain}" = lib.mkIf (hasSecret "linode_rw_domains") {
-      forceSSL = true;
-      useACMEHost = "joshuabell.xyz";
+    services.nginx.virtualHosts."${domain}" = {
+      addSSL = true;
+      sslCertificate = "/var/lib/acme/joshuabell.xyz/fullchain.pem";
+      sslCertificateKey = "/var/lib/acme/joshuabell.xyz/key.pem";
       extraConfig = ''
         client_max_body_size 50G;
         proxy_read_timeout 600s;
diff --git a/hosts/h001/containers/immich.nix b/hosts/h001/containers/immich.nix
index 4bd25d94..98330ea1 100644
--- a/hosts/h001/containers/immich.nix
+++ b/hosts/h001/containers/immich.nix
@@ -91,9 +91,10 @@ in
 {
   options = { };
   config = {
-    services.nginx.virtualHosts."photos.joshuabell.xyz" = lib.mkIf (hasSecret "linode_rw_domains") {
-      forceSSL = true;
-      useACMEHost = "joshuabell.xyz";
+    services.nginx.virtualHosts."photos.joshuabell.xyz" = {
+      addSSL = true;
+      sslCertificate = "/var/lib/acme/joshuabell.xyz/fullchain.pem";
+      sslCertificateKey = "/var/lib/acme/joshuabell.xyz/key.pem";
       extraConfig = ''
         client_max_body_size 50G;
         proxy_read_timeout 600s;