diff --git a/configuration/default.nix b/configuration/default.nix
index 6d5090f..f82830f 100644
--- a/configuration/default.nix
+++ b/configuration/default.nix
@@ -138,7 +138,6 @@
     recommendedGzipSettings = true;
     recommendedProxySettings = true;
     clientMaxBodySize = "10G";
-    domain = "tlater.net";
 
     statusPage = true; # For metrics, should be accessible only from localhost
 
diff --git a/configuration/hardware-specific/hetzner/default.nix b/configuration/hardware-specific/hetzner/default.nix
index 6149628..f6915ee 100644
--- a/configuration/hardware-specific/hetzner/default.nix
+++ b/configuration/hardware-specific/hetzner/default.nix
@@ -10,6 +10,8 @@
   # TODO(tlater): See if would be useful for anything?
   boot.kernelParams = ["nosgx"];
 
+  services.nginx.domain = "116.202.158.55";
+
   systemd.network.networks."eth0" = {
     matchConfig.MACAddress = "90:1b:0e:c1:8c:62";
 
diff --git a/configuration/hardware-specific/linode/default.nix b/configuration/hardware-specific/linode/default.nix
index b05fade..8194ec4 100644
--- a/configuration/hardware-specific/linode/default.nix
+++ b/configuration/hardware-specific/linode/default.nix
@@ -6,6 +6,8 @@
   # Required for the lish console
   boot.kernelParams = ["console=ttyS0,19200n8"];
 
+  services.nginx.domain = "tlater.net";
+
   boot.loader = {
     # Timeout to allow lish to connect
     timeout = 10;
diff --git a/configuration/hardware-specific/vm.nix b/configuration/hardware-specific/vm.nix
index 32423ab..8e7720a 100644
--- a/configuration/hardware-specific/vm.nix
+++ b/configuration/hardware-specific/vm.nix
@@ -6,7 +6,7 @@
 
   # Sets the base domain for nginx to localhost so that we
   # can easily test locally with the VM.
-  services.nginx.domain = lib.mkOverride 99 "localhost";
+  services.nginx.domain = "localhost";
 
   # Use the staging secrets
   sops.defaultSopsFile = lib.mkOverride 99 ../../keys/staging.yaml;
diff --git a/modules/default.nix b/modules/default.nix
index 55e356c..de1c7c2 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -1,8 +1,23 @@
-{lib, ...}: let
-  inherit (lib) mkOption types;
-in {
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}: {
   options.services.nginx.domain = lib.mkOption {
     type = lib.types.str;
     description = "The base domain name to append to virtual domain names";
   };
+
+  config = {
+    # Don't attempt to run acme if the domain name is not tlater.net
+    systemd.services = let
+      confirm = ''[[ "tlater.net" = ${config.services.nginx.domain} ]]'';
+    in
+      lib.mapAttrs' (cert: _:
+        lib.nameValuePair "acme-${cert}" {
+          serviceConfig.ExecCondition = ''${pkgs.runtimeShell} -c '${confirm}' '';
+        })
+      config.security.acme.certs;
+  };
 }