diff --git a/applications/acme.nix b/applications/acme.nix
index 518c5d2..b4761f7 100644
--- a/applications/acme.nix
+++ b/applications/acme.nix
@@ -18,13 +18,6 @@ in {
 A list of domains to use for this server.
 '';
 };
- domains_mail = lib.mkOption {
- default = [];
- type = lib.types.listOf lib.types.str;
- description = ''
- A list of domains to use for the mailserver.
- '';
- };
 };
 };
 config = {
@@ -49,10 +42,6 @@ in {
 domain = "skynet.ie";
 extraDomainNames = cfg.domains;
 };
- "mail" = {
- domain = "mail.skynet.ie";
- extraDomainNames = cfg.domains_mail;
- };
 };
 };
 };
diff --git a/applications/email.nix b/applications/email.nix
index 683d7ca..1ea0830 100644
--- a/applications/email.nix
+++ b/applications/email.nix
@@ -208,11 +208,78 @@ in {
 age.secrets.ldap_pw.file = ../secrets/ldap/pw.age;
- skynet_acme.domains_mail = [
- "imap.skynet.ie"
- "pop3.skynet.ie"
- "smtp.skynet.ie"
- ];
+ security.acme.certs = {
+ "mail" = {
+ domain = "mail.skynet.ie";
+ extraDomainNames = [
+ "imap.skynet.ie"
+ "pop3.skynet.ie"
+ "smtp.skynet.ie"
+ ];
+ };
+
+ "imap" = {
+ domain = "imap.skynet.ie";
+ extraDomainNames = [
+ "mail.skynet.ie"
+ "pop3.skynet.ie"
+ "smtp.skynet.ie"
+ ];
+ };
+
+ "pop3" = {
+ domain = "pop3.skynet.ie";
+ extraDomainNames = [
+ "imap.skynet.ie"
+ "mail.skynet.ie"
+ "smtp.skynet.ie"
+ ];
+ };
+
+ "smtp" = {
+ domain = "smtp.skynet.ie";
+ extraDomainNames = [
+ "imap.skynet.ie"
+ "pop3.skynet.ie"
+ "mail.skynet.ie"
+ ];
+ };
+ };
+
+ # to provide the certs
+ services.nginx.virtualHosts = {
+ "mail.skynet.ie" = {
+ forceSSL = true;
+ useACMEHost = "mail";
+ # override the inbuilt nginx config
+ enableACME = false;
+ serverName = "mail.skynet.ie";
+ };
+
+ "imap.skynet.ie" = {
+ forceSSL = true;
+ useACMEHost = "imap";
+ # override the inbuilt nginx config
+ enableACME = false;
+ serverName = "imap.skynet.ie";
+ };
+
+ "pop3.skynet.ie" = {
+ forceSSL = true;
+ useACMEHost = "pop3";
+ # override the inbuilt nginx config
+ enableACME = false;
+ serverName = "pop3.skynet.ie";
+ };
+
+ "smtp.skynet.ie" = {
+ forceSSL = true;
+ useACMEHost = "smtp";
+ # override the inbuilt nginx config
+ enableACME = false;
+ serverName = "smtp.skynet.ie";
+ };
+ };
 # set up dns record for it
 skynet_dns.records = [
@@ -305,17 +372,6 @@ in { } ]; - # to provide the certs - services.nginx.virtualHosts = { - "${cfg.sub}.${cfg.domain}" = { - forceSSL = true; - useACMEHost = "mail"; - # override the inbuilt nginx config - enableACME = false; - serverName = "${cfg.sub}.${cfg.domain}"; - }; - }; - #https://nixos-mailserver.readthedocs.io/en/latest/add-roundcube.html users.groups.nginx = {}; users.groups.roundcube = {};
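Review bot: The four entries added under `security.acme.certs` in the `@@ -208,11 +208,78 @@` hunk of applications/email.nix all cover the same four hostnames (mail, imap, pop3, smtp) and differ only in which one is `domain`, so every renewal orders four certificates and keeps four private keys that are each valid for every mail name. A CA that rate-limits repeat issuance for an identical name set (Let's Encrypt does) would count these against one another, and each extra key is one more secret to protect and revoke. Unless something outside this hunk reads the per-name certificate directories, a single `"mail"` cert with the three extra names and `useACMEHost = "mail";` on all four virtual hosts gives the same coverage, and the four identical vhost bodies can come from `lib.genAttrs`, assuming `lib` is in scope here as it is in acme.nix. The hard-coded names also drop the `${cfg.sub}.${cfg.domain}` parameterisation that the removed vhost used. The enclosing `config` block starts and ends outside the hunk.

```nix
# … unchanged: age.secrets.ldap_pw.file …
security.acme.certs."mail" = {
  domain = "mail.skynet.ie";
  extraDomainNames = [
    "imap.skynet.ie"
    "pop3.skynet.ie"
    "smtp.skynet.ie"
  ];
};

# to provide the certs
services.nginx.virtualHosts = lib.genAttrs [
  "mail.skynet.ie"
  "imap.skynet.ie"
  "pop3.skynet.ie"
  "smtp.skynet.ie"
] (name: {
  forceSSL = true;
  # one shared certificate and key for every mail hostname
  useACMEHost = "mail";
  # override the inbuilt nginx config
  enableACME = false;
  serverName = name;
});
# … unchanged: skynet_dns.records …
```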