diff --git a/applications/acme.nix b/applications/acme.nix
index 435715b..518c5d2 100644
--- a/applications/acme.nix
+++ b/applications/acme.nix
@@ -9,16 +9,24 @@ with lib; let
 in {
   imports = [];
 
-  options.skynet_acme = {
-    domains = lib.mkOption {
-      default = [];
-      type = lib.types.listOf lib.types.str;
-      description = ''
-        A list of domains to use for this server.
-      '';
+  options = {
+    skynet_acme = {
+      domains = lib.mkOption {
+        default = [];
+        type = lib.types.listOf lib.types.str;
+        description = ''
+          A list of domains to use for this server.
+        '';
+      };
+      domains_mail = lib.mkOption {
+        default = [];
+        type = lib.types.listOf lib.types.str;
+        description = ''
+          A list of domains to use for the mailserver.
+        '';
+      };
     };
   };
-
   config = {
     # group that will own the certificates
     users.groups.acme = {};
@@ -41,6 +49,10 @@ in {
           domain = "skynet.ie";
           extraDomainNames = cfg.domains;
         };
+        "mail" = {
+          domain = "mail.skynet.ie";
+          extraDomainNames = cfg.domains_mail;
+        };
       };
     };
   };
diff --git a/applications/email.nix b/applications/email.nix
index 05ee8d0..683d7ca 100644
--- a/applications/email.nix
+++ b/applications/email.nix
@@ -208,8 +208,10 @@ in {
 
     age.secrets.ldap_pw.file = ../secrets/ldap/pw.age;
 
-    skynet_acme.domains = [
-      "${cfg.sub}.${cfg.domain}"
+    skynet_acme.domains_mail = [
+      "imap.skynet.ie"
+      "pop3.skynet.ie"
+      "smtp.skynet.ie"
     ];
 
     # set up dns record for it
@@ -307,7 +309,7 @@ in {
     services.nginx.virtualHosts = {
       "${cfg.sub}.${cfg.domain}" = {
         forceSSL = true;
-        useACMEHost = "skynet";
+        useACMEHost = "mail";
         # override the inbuilt nginx config
         enableACME = false;
         serverName = "${cfg.sub}.${cfg.domain}";