diff --git a/configuration/nginx.nix b/configuration/nginx.nix
index 3ec3bd9..0b72cc1 100644
--- a/configuration/nginx.nix
+++ b/configuration/nginx.nix
@@ -53,7 +53,7 @@
         "*.tlater.com"
       ];
       dnsProvider = "porkbun";
-      group = "ssl-cert";
+      group = "nginx";
       credentialFiles = {
         PORKBUN_API_KEY_FILE = config.sops.secrets."porkbun/api-key".path;
         PORKBUN_SECRET_API_KEY_FILE = config.sops.secrets."porkbun/secret-api-key".path;
@@ -61,12 +61,6 @@
     };
   };
 
-  users.groups.ssl-cert = { };
-
-  systemd.services.nginx.serviceConfig.SupplementaryGroups = [
-    config.security.acme.certs."tlater.net".group
-  ];
-
   services.backups.acme = {
     user = "acme";
     paths = lib.mapAttrsToList (
diff --git a/configuration/services/conduit/default.nix b/configuration/services/conduit/default.nix
index c7e4ab4..18062ed 100644
--- a/configuration/services/conduit/default.nix
+++ b/configuration/services/conduit/default.nix
@@ -50,10 +50,6 @@ in
   # See also https://gitlab.com/famedly/conduit/-/issues/314
   systemd.services.conduit.serviceConfig.EnvironmentFile = config.sops.secrets."turn/env".path;
 
-  systemd.services.coturn.serviceConfig.SupplementaryGroups = [
-    config.security.acme.certs."tlater.net".group
-  ];
-
   services.coturn = {
     enable = true;
     no-cli = true;