diff --git a/nixos/amon/configuration.nix b/nixos/amon/configuration.nix index b848f3f..66dbec2 100644 --- a/nixos/amon/configuration.nix +++ b/nixos/amon/configuration.nix @@ -35,6 +35,19 @@ git ]; + sops.secrets.cloudflare_api_token = { + sopsFile = ./secrets/acme.yaml; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "kevin@1in9.net"; + certs."amon.srv.1in9.net" = { + dnsProvider = "cloudflare"; + credentialsFile = "/run/secrets/cloudflare_api_token"; + }; + }; + system.stateVersion = "22.11"; # No touchy. } \ No newline at end of file diff --git a/nixos/amon/secrets/acme.yaml b/nixos/amon/secrets/acme.yaml new file mode 100644 index 0000000..f042e9f --- /dev/null +++ b/nixos/amon/secrets/acme.yaml 
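Review bot: `credentialsFile = "/run/secrets/cloudflare_api_token";` hardcodes the sops-nix runtime path instead of referring to the secret declared just above it. `credentialsFile = config.sops.secrets.cloudflare_api_token.path;` keeps the two in step and turns a renamed or missing secret into an evaluation error rather than a failed certificate issuance; it needs `config` in the module arguments, which are outside this hunk. The ACME module hands this file to the lego service as an environment file, so the decrypted value has to be a `KEY=value` line such as `CLOUDFLARE_DNS_API_TOKEN=...` rather than the bare token. Because the value is encrypted in acme.yaml, that cannot be confirmed from the diff. The token itself should be scoped at Cloudflare to DNS edit on this one zone, since any process that can read the decrypted file can rewrite its records.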
@@ -0,0 +1,30 @@
+cloudflare_api_token: ENC[AES256_GCM,data:ImZ935q7Dd/wbiC22siZxm//S5cKO1AUHmXkrx+HfXTZW1VdRqG7bJF4RSaf62vK95hie6sw6p5EFg==,iv:1/W5mN+X6oDUHnhLef/hfdbuB+GBCvhPdORVre1uopI=,tag:pqXBFA0Xkbjde754jgU3EA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1tyq4g2hfuy7ffl8lycl3yj6saxyk56z4xlmtz7krlq7djx6l7f9snd56q6
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHTzhXRzdJYTlsTSt0MXli
+ d2VLTng5ZzJOenRaaHkvUG5NU2FEZlMyZkQ4Cm4wVTR0SGVhTCtlRTM4WjgxLy9v
+ Y3N3SS9pTSthV3ZlcENaaWFVTHhuMTgKLS0tIDdYc0Z1aGVKcldTam1NdUZsOUFJ
+ Y2lNbURIMXVZM3VMaFEwdzA1eWc0UUUKbwgWfuXO7Y7PYBb9TWMbS5Ag3rcd1mPn
+ NwtfpR0VBZVLhJJ12v3U7uQvrsKc0wVaY2t19KpUHJgjC26ihA4xOw==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age1jxzgv6z7emkv2rqztuuzzeq3qjq9jluu6vg0vljcltyvxps5lv3smltd2t
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvUlZxaDZhck9MODdISnM0
+ eFJFWFR3MWV0T0FDT0ZnL0JRRWVvcUpIekQ0Cm0zWkZqY2xzcjl3aEhrQWVXRWNM
+ WVFWSDkxM2V6Tk1TUEE5clREOGZHOEkKLS0tIFpyU0RJWUl5WWIvTDVQSW4wZzVZ
+ SEMyMjhGSFRaSzFWWWJmL201azR2R2cK+3ogP1Fah0Eh1ATQqUfLUo27P72hslJJ
+ tseOPx1XFKSH8MMfKPS+bFk/m2ng2AFcoYvhDrXe3nyUZ0g0zVlkQg==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2023-04-24T11:04:43Z"
+ mac: ENC[AES256_GCM,data:rHmS1YT7KLkKnpSLxpbf2OsXFMoZtCHnU/y3hSGzpVHNl1te1Y9KrVAXilEMmEQAS0APSEGYt7P5TrWXxxDzUB3mplenhqS0yeYUl5RHysAIodXEI8pN/z5fTkb549HvhtJ0u21MVuN2/Spw/YlMVTcmDl0/18BbyCxTwUX0Eec=,iv:0hWbOnHyHA0lXbQmfS6qX+ztX+ocEH5XFY20s63N3aY=,tag:mpcGDgVd1fe5oDg1zh6Agg==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.7.3