diff --git a/applications/ldap.nix b/applications/ldap.nix
index b58168d..142a62b 100644
--- a/applications/ldap.nix
+++ b/applications/ldap.nix
@@ -97,7 +97,7 @@ Gonna use a priper nixos module for this
 after = [ "acme-${cfg.domain.base}.service" ];
 };
- users.groups.certs.members = [ "openldap" ];
+ users.groups.acme.members = [ "openldap" ];
 services.openldap = {
 enable = true;
@@ -114,10 +114,12 @@ Gonna use a priper nixos module for this
 olcTLSCACertificateFile = "/var/lib/acme/${cfg.domain.base}/full.pem";
 olcTLSCertificateFile = "/var/lib/acme/${cfg.domain.base}/cert.pem";
 olcTLSCertificateKeyFile = "/var/lib/acme/${cfg.domain.base}/key.pem";
- olcTLSCipherSuite = "HIGH:MEDIUM:+3DES:+RC4:+aNULL";
+ # got teh ciphers from https://access.redhat.com/articles/1474813
+ # the ones provided on the nixos page didnt work
+ olcTLSCipherSuite = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:!RC4:HIGH:!MD5:!EDH:!EXP:!SSLV2:!eNULL";
 olcTLSCRLCheck = "none";
 olcTLSVerifyClient = "never";
- olcTLSProtocolMin = "3.1";
+ olcTLSProtocolMin = "3.3";
 };
 children = {
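Review bot: Making openldap a member of `acme` on the `users.groups.acme.members` line grants it read access to every key the ACME module writes with that group, not only `/var/lib/acme/${cfg.domain.base}/key.pem`, since the NixOS acme module presumably uses `acme` as the default group for all certificates on the host. If this machine issues more than one certificate, a per-certificate setting such as `security.acme.certs."${cfg.domain.base}".group = "openldap";` (or a dedicated group shared only by that certificate and slapd) scopes the access to this domain's material. The enclosing module body continues outside the hunk.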
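Review bot: The new list on the `olcTLSCipherSuite` line still admits anonymous key exchange: in OpenSSL cipher-list syntax `HIGH` selects by key strength and, I believe, includes the ADH/AECDH suites, and the string negates `!eNULL` but never `!aNULL`, so a client can negotiate a suite with no server authentication (the removed `+aNULL` only demoted those suites, it did not drop them either). Appending `!aNULL` closes this: `olcTLSCipherSuite = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:!RC4:HIGH:!MD5:!EDH:!EXP:!SSLV2:!eNULL:!aNULL";`. The two added comment lines should also say why the NixOS examples failed — presumably they are GnuTLS priority strings while this slapd appears to be linked against OpenSSL — e.g. `# OpenSSL cipher-list syntax; GnuTLS priority strings are not accepted by this build`, which spares the next reader the same retry. Note that `olcTLSProtocolMin = "3.3"` sets TLS 1.2 as the floor but not a ceiling, and this list does not govern TLS 1.3 suites, which OpenSSL configures separately. The enclosing attribute set continues outside the hunk.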