diff --git a/hosts/Infini-DL360/conduwuit.nix b/hosts/Infini-DL360/conduwuit.nix index 54eced1..5b2bf05 100644 --- a/hosts/Infini-DL360/conduwuit.nix +++ b/hosts/Infini-DL360/conduwuit.nix @@ -31,7 +31,7 @@ in networking.firewall.allowedTCPPorts = [ 8448 ]; services.nginx.virtualHosts = { - ${domain} = common.nginx.ssl // { + ${domain} = common.nginx.ssl-inx // { locations."^~ /_matrix" = { proxyPass = host; recommendedProxySettings = false; diff --git a/hosts/Infini-DL360/forgejo.nix b/hosts/Infini-DL360/forgejo.nix index 9d7c27f..b0979e4 100644 --- a/hosts/Infini-DL360/forgejo.nix +++ b/hosts/Infini-DL360/forgejo.nix @@ -102,7 +102,7 @@ in }; }; - services.nginx.virtualHosts.${domain} = common.nginx.ssl // { + services.nginx.virtualHosts.${domain} = common.nginx.ssl-inx // { locations."/" = { proxyPass = "http://${cfg.settings.server.DOMAIN}:${toString cfg.settings.server.HTTP_PORT}"; extraConfig = '' diff --git a/hosts/Infini-DL360/freshrss.nix b/hosts/Infini-DL360/freshrss.nix index be6b9d1..ac4d98b 100644 --- a/hosts/Infini-DL360/freshrss.nix +++ b/hosts/Infini-DL360/freshrss.nix @@ -4,7 +4,7 @@ let domain = "freshrss.inx.moe"; in { - services.nginx.virtualHosts.${domain} = common.nginx.ssl; + services.nginx.virtualHosts.${domain} = common.nginx.ssl-inx; services.freshrss = { enable = true; diff --git a/hosts/Infini-DL360/hedgedoc.nix b/hosts/Infini-DL360/hedgedoc.nix index 749ecd0..ce747b7 100644 --- a/hosts/Infini-DL360/hedgedoc.nix +++ b/hosts/Infini-DL360/hedgedoc.nix @@ -28,7 +28,7 @@ in }; }; - services.nginx.virtualHosts.${domain} = common.nginx.ssl // { + services.nginx.virtualHosts.${domain} = common.nginx.ssl-inx // { locations."/" = { proxyPass = "http://${cfg.settings.host}:${toString cfg.settings.port}"; }; diff --git a/hosts/Infini-DL360/hydra.nix b/hosts/Infini-DL360/hydra.nix index fe6eb76..4a10236 100644 --- a/hosts/Infini-DL360/hydra.nix +++ b/hosts/Infini-DL360/hydra.nix 
@@ -9,7 +9,7 @@ let domain = common.subdomain "hydra"; in { - services.nginx.virtualHosts.${domain} = common.nginx.ssl // { + services.nginx.virtualHosts.${domain} = common.nginx.ssl-inx // { locations."/" = { proxyPass = "http://localhost:${toString config.services.hydra.port}"; }; diff --git a/hosts/Infini-DL360/immich.nix b/hosts/Infini-DL360/immich.nix index 594c40b..568a80c 100644 --- a/hosts/Infini-DL360/immich.nix +++ b/hosts/Infini-DL360/immich.nix @@ -9,7 +9,7 @@ let cfg = config.services.immich; in { - services.nginx.virtualHosts.${domain} = common.nginx.ssl // { + services.nginx.virtualHosts.${domain} = common.nginx.ssl-inx // { extraConfig = '' client_max_body_size 5000M; diff --git a/hosts/Infini-DL360/jellyfin.nix b/hosts/Infini-DL360/jellyfin.nix index 32c3f9d..74c0b82 100644 --- a/hosts/Infini-DL360/jellyfin.nix +++ b/hosts/Infini-DL360/jellyfin.nix @@ -13,7 +13,7 @@ let ''; in { - services.nginx.virtualHosts."jellyfin.inx.moe" = common.nginx.ssl // { + services.nginx.virtualHosts."jellyfin.inx.moe" = common.nginx.ssl-inx // { extraConfig = '' client_max_body_size 20M; ''; diff --git a/hosts/Infini-DL360/radicale.nix b/hosts/Infini-DL360/radicale.nix index 3caba9f..44c8ebd 100644 --- a/hosts/Infini-DL360/radicale.nix +++ b/hosts/Infini-DL360/radicale.nix @@ -27,7 +27,7 @@ in }; }; - services.nginx.virtualHosts.${domain} = common.nginx.ssl // { + services.nginx.virtualHosts.${domain} = common.nginx.ssl-inx // { locations."/".proxyPass = "http://localhost:5232"; }; } diff --git a/hosts/Infini-DL360/searx.nix b/hosts/Infini-DL360/searx.nix index 10cc2c7..7a4fa74 100644 --- a/hosts/Infini-DL360/searx.nix +++ b/hosts/Infini-DL360/searx.nix @@ -43,7 +43,7 @@ in users.users.nginx.extraGroups = [ "searx" ]; - services.nginx.virtualHosts.${domain} = common.nginx.ssl // { + services.nginx.virtualHosts.${domain} = common.nginx.ssl-inx // { locations."/" = { extraConfig = '' include ${config.services.nginx.package}/conf/uwsgi_params; 
diff --git a/hosts/Infini-DL360/thelounge.nix b/hosts/Infini-DL360/thelounge.nix index e9fe118..11e1c23 100644 --- a/hosts/Infini-DL360/thelounge.nix +++ b/hosts/Infini-DL360/thelounge.nix @@ -6,7 +6,7 @@ }: { - services.nginx.virtualHosts."thelounge.inx.moe" = common.nginx.ssl // { + services.nginx.virtualHosts."thelounge.inx.moe" = common.nginx.ssl-inx // { locations."/" = { proxyPass = "http://localhost:${toString config.services.thelounge.port}"; }; diff --git a/hosts/Infini-DL360/vaultwarden.nix b/hosts/Infini-DL360/vaultwarden.nix index 02d2f64..c3c97db 100644 --- a/hosts/Infini-DL360/vaultwarden.nix +++ b/hosts/Infini-DL360/vaultwarden.nix @@ -12,7 +12,7 @@ in { persist.directories = [ config.services.vaultwarden.dataDir ]; - services.nginx.virtualHosts.${domain} = common.nginx.ssl // { + services.nginx.virtualHosts.${domain} = common.nginx.ssl-inx // { locations."/" = { proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}"; }; diff --git a/hosts/Infini-DL360/web.nix b/hosts/Infini-DL360/web.nix index f865c1f..77f6603 100644 --- a/hosts/Infini-DL360/web.nix +++ b/hosts/Infini-DL360/web.nix @@ -6,7 +6,12 @@ ... }: let - inherit (common.nginx) ssl ssl-optional; + inherit (common.nginx) + ssl + ssl-optional + ssl-inx + ssl-inx-optional + ; tryFiles = "$uri $uri.html $uri/ =404"; websiteConfig = '' @@ -56,12 +61,12 @@ in websites // redirects // { - "j.inx.moe" = ssl-optional // { + "j.inx.moe" = ssl-inx-optional // { locations."/" = { return = "302 $jump_link"; }; }; - "blahaj.inx.moe" = ssl-optional // { + "blahaj.inx.moe" = ssl-inx-optional // { locations."/" = { tryFiles = "/Blahaj.png =404"; root = ./static; @@ -79,7 +84,7 @@ in return = "301 https://www.ikea.com/us/en/p/blahaj-soft-toy-shark-90373590/"; }; }; - "files.inx.moe" = ssl // { + "files.inx.moe" = ssl-inx // { locations."/" = { root = "/srv/web/files.inx.moe"; extraConfig = '' 
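Review bot: In `vaultwarden.nix` the vhost now presents the certificate shared by every other vhost switched in this commit instead of one issued for its own name, so the password vault's TLS identity rests on the same private key as the lower-value services. On this host the same nginx presumably already holds all of those keys, so the exposure changes little here. The helper lives in `modules/global/common.nix`, though, and if the shared certificate is a wildcard or is issued on more than one machine (neither is visible in this diff), a key valid for the vault's hostname would exist outside this host. If that trade-off is accepted I would record it next to the line, e.g. `# shares the inx.moe cert; that key must stay on this host only`, or leave this one vhost on `common.nginx.ssl`. The enclosing attribute set begins before the hunk.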
@@ -90,7 +95,7 @@ in root = "/srv/web/files.inx.moe"; }; }; - "old.inx.moe" = ssl-optional // { + "old.inx.moe" = ssl-inx-optional // { locations."/" = { root = "/srv/web/inx.moe"; inherit tryFiles; diff --git a/modules/global/common.nix b/modules/global/common.nix index 1ff2e09..2ee9d6c 100644 --- a/modules/global/common.nix +++ b/modules/global/common.nix @@ -6,17 +6,25 @@ domain = "inx.moe"; subdomain = subdomain: "${subdomain}.${domain}"; - nginx = rec { - ssl-cert = { + nginx = { + ssl-optional = { enableACME = true; acmeRoot = null; - }; - ssl-optional = ssl-cert // { addSSL = true; }; - ssl = ssl-cert // { + ssl = { + enableACME = true; + acmeRoot = null; forceSSL = true; }; + ssl-inx = { + useACMEHost = domain; + forceSSL = true; + }; + ssl-inx-optional = { + useACMEHost = domain; + addSSL = true; + }; }; rsyncnet = rec {
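Review bot: In `modules/global/common.nix`, `ssl-inx` and `ssl-inx-optional` set `useACMEHost = domain`, but nothing in this diff defines the matching `security.acme.certs` entry, and `useACMEHost` only points nginx at an existing certificate; it neither requests one nor adds names to it. Every vhost switched in this commit therefore depends on that certificate listing its name or a wildcard matching it. In several host files `domain` is bound outside the hunk, so coverage cannot be confirmed from here, and a wildcard would not match a name more than one label below `inx.moe`. I would state the contract in a comment above the two attributes, e.g. `# requires security.acme.certs.${domain} to cover every vhost using this; nginx needs read access to the cert (acme group)`. Dropping `rec` and `ssl-cert` also removes `common.nginx.ssl-cert`, so any importer outside this diff that still references it will fail evaluation; the attribute set enclosing `nginx` starts before the hunk.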