diff --git a/services/acme-cert-store.nix b/services/acme-cert-store.nix
index b53f1e6..9f758a8 100644
--- a/services/acme-cert-store.nix
+++ b/services/acme-cert-store.nix
@@ -5,7 +5,6 @@
     description = "Read-only access to certs";
     openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys ++ [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHj2PK6LHsanSqaz8Gf/VqHaurd5e6Y7KnZNBiHb9adT nextcloud"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDiJZWlmiEkVzlf5/KV/jKkCGlgp8mnEeCnwk/dhdctJ gitea"
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOgIXTr7HxC13UNZP0UCALBRJuiDh4U0Nnd4GPIE4RQR vaultwarden"
     ];
   };
diff --git a/services/gitea.nix b/services/gitea.nix
index d805bbc..e76a21e 100644
--- a/services/gitea.nix
+++ b/services/gitea.nix
@@ -1,16 +1,21 @@
 { config, ... }:
 {
-  imports = [ ./cert-store-client.nix ];
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
 
-  networking.firewall.allowedTCPPorts = [ 443 ];
-  networking.firewall.allowedUDPPorts = [ 443 ];
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "vili.m.sinerva@gmail.com";
+  };
 
   services = {
     gitea = {
       enable = true;
       lfs.enable = true;
       appName = "Gitea for Vili Sinervä";
-      mailerPasswordFile = "${config.services.gitea.stateDir}/smtp_pass"; # TODO
+      mailerPasswordFile = "${config.services.gitea.stateDir}/smtp_pass";
 
       settings = {
         repository = {
@@ -19,7 +24,7 @@
         ui.DEFAULT_SHOW_FULL_NAME = true;
         "ui.meta".AUTHOR = "Gitea, hosted by Vili Sinervä";
         server = {
-          DOMAIN = "gitea.vsinerva.fi";
+          DOMAIN = "gitea.sinerva.eu";
           HTTP_PORT = 8000;
           ROOT_URL = "https://${config.services.gitea.settings.server.DOMAIN}";
         };
@@ -30,7 +35,7 @@
           SMTP_ADDR = "smtp.gmail.com";
           SMTP_PORT = 587;
           USER = "vmsskv12@gmail.com"; # Password set in file
-          FROM = "gitea@vsinerva.fi";
+          FROM = "gitea@sinerva.eu";
         };
         cron = {
           ENABLED = true;
@@ -48,10 +53,9 @@
       recommendedProxySettings = true;
 
       virtualHosts.${config.services.gitea.settings.server.DOMAIN} = {
+        enableACME = true;
         forceSSL = true;
         kTLS = true;
-        sslCertificate = "/mnt/acme/fullchain.pem";
-        sslCertificateKey = "/mnt/acme/key.pem";
         locations."/" = {
           proxyPass = "http://localhost:8000";
         };