diff --git a/machines/elrond/configuration.nix b/machines/elrond/configuration.nix
index 112ece8..7bc152d 100644
--- a/machines/elrond/configuration.nix
+++ b/machines/elrond/configuration.nix
@@ -22,7 +22,6 @@ networking.useDHCP = false; networking.interfaces.ens3.useDHCP = true; # lmao interface is not constant. I really only want to use dhcp att all so could remove this in favor of the old way. networking.hostName = "elrond"; # Define your hostname. - networking.domain = "addictedmaker.eu"; # Define your domain. boot.kernel.sysctl = { "net.ipv4.conf.all.forwarding" = true;
diff --git a/profiles/webhost.nix b/profiles/webhost.nix
index 2904924..282c20e 100644
--- a/profiles/webhost.nix
+++ b/profiles/webhost.nix
@@ -6,7 +6,7 @@ imports = ./sops.nix ../services/nginx.nix #../services/authelia.nix - ../services/fail2ban.nix + #../services/fail2ban.nix ]; }
diff --git a/services/nginx.nix b/services/nginx.nix
index 394eca1..6e9ab82 100644
--- a/services/nginx.nix
+++ b/services/nginx.nix
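Review bot: In profiles/webhost.nix, commenting out `../services/fail2ban.nix` removes whatever jails that module configures (its contents are not visible here) from any host that imports this profile, and nothing on the line says why or for how long. With `../services/authelia.nix` already commented out, the profile now imports only sops and nginx. If this is a temporary debugging step, record that on the line, e.g. `#../services/fail2ban.nix # TODO: disabled while debugging <reason>; re-enable before deploying`, and restore the import once the underlying problem is fixed.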
@@ -6,26 +6,35 @@ restartUnits = [ "nginx.service" ]; owner = "nginx"; }; - networking.domain = "addictedmaker.eu"; + + + networking.enableIPv6 = false; # lol for some reason acme works without ipv6 + + networking.domain = "lauterer.it"; #acme and certs helpful blog https://carjorvaz.com/posts/ security.acme = { acceptTerms = true; defaults.email = "adrian+acme@lauterer.it"; - certs."${config.networking.domain}" = { - domain = "${config.networking.domain}"; + domain = "*.${config.networking.domain}"; extraDomainNames = [ - "*.${config.networking.domain}" + "${config.networking.domain}" #"${config.networking.domain}" #"lauterer.it" - "*.lauterer.it" - "*.256.no" + #"*.lauterer.it" + #"*.256.no" ]; + + #server = "https://acme-staging-v02.api.letsencrypt.org/directory"; #for testing. + enableDebugLogs = true; + + + + dnsResolver = "ns1.hyp.net:53"; dnsProvider = "domeneshop"; # from here according to provider https://go-acme.github.io/lego/dns/ dnsPropagationCheck = true; #need to manually create this file according to dnsprovider secrets, and format of key according to lego in privider and add to secrets.yaml - #credentialsFile = config.sops.secrets."acme/certs".path; - credentialsFile = "/run/secrets/acme/certs"; + credentialsFile = config.sops.secrets."acme/certs".path; }; };
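Review bot: `networking.enableIPv6 = false;` is a host-wide network setting added inside services/nginx.nix as a workaround whose own comment says the cause is unknown, so any machine importing this module loses IPv6 entirely, not just the ACME run. The same placement concern applies to `networking.domain = "lauterer.it";`, which now lives only in this service module after being dropped from machines/elrond/configuration.nix. I would move both to the machine configuration and document the workaround where it is set, e.g. `# FIXME: IPv6 disabled because the ACME DNS challenge only succeeds without it; root cause not yet found`. The commented-out entries left in `extraDomainNames` (`#"*.lauterer.it"`, `#"*.256.no"`, the duplicate `#"${config.networking.domain}"`) could be deleted so the list shows exactly which names the certificate covers. The enclosing attribute set starts before this hunk.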