diff --git a/hosts/sugarcane/default.nix b/hosts/sugarcane/default.nix
index 36a6fe8..86e991b 100644
--- a/hosts/sugarcane/default.nix
+++ b/hosts/sugarcane/default.nix
@@ -4,6 +4,7 @@
   time.timeZone = "Asia/Singapore";
 
   age.secrets = {
+    acme_dns.file = ../../secrets/acme_dns.age;
     passwd.file = ../../secrets/passwd.age;
     wg_sugarcane.file = ../../secrets/wg_sugarcane.age;
   };
diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix
index 4b01c80..9537bb6 100644
--- a/modules/services/nginx.nix
+++ b/modules/services/nginx.nix
@@ -27,16 +27,16 @@
         forceSSL = true;
         root = inputs.website.outPath;
       };
-      "_" = {
-        default = true;
-        addSSL = true;
-        # TODO generate this somewhere
-        sslCertificate = "/persist/fakeCerts/fake.crt";
-        sslCertificateKey = "/persist/fakeCerts/fake.key";
-        extraConfig = ''
-          return 444;
-        '';
-      };
+      # "_" = {
+      #   default = true;
+      #   addSSL = true;
+      #   # TODO generate this somewhere
+      #   sslCertificate = "/persist/fakeCerts/fake.crt";
+      #   sslCertificateKey = "/persist/fakeCerts/fake.key";
+      #   extraConfig = ''
+      #     return 444;
+      #   '';
+      # };
     };
   };
 }
diff --git a/secrets.nix b/secrets.nix
index a713b13..bf67798 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -8,7 +8,7 @@ in {
   "secrets/passwd.age".publicKeys = [ blossom caramel sugarcane rin ];
   "secrets/wpa_conf.age".publicKeys = [ blossom caramel rin ];
 
-  "secrets/acme_dns.age".publicKeys = [ caramel rin ];
+  "secrets/acme_dns.age".publicKeys = [ caramel sugarcane rin ];
   "secrets/warden_admin.age".publicKeys = [ caramel rin ];
   "secrets/wg_blossom.age".publicKeys = [ blossom rin ];
   "secrets/wg_caramel.age".publicKeys = [ caramel rin ];