diff --git a/nix-system-configs/modules/system/mail-server.nix b/nix-system-configs/modules/system/mail-server.nix
index 4419ab6..3c12a76 100644
--- a/nix-system-configs/modules/system/mail-server.nix
+++ b/nix-system-configs/modules/system/mail-server.nix
@@ -121,15 +121,15 @@ in {
 hostname = "mail.prg-radio.org";
 domain = "prg-radio.org";
 };
- acme."letsencrypt" = {
- directory = "https://acme-v02.api.letsencrypt.org/directory";
- challenge = "dns-01";
- # reference the contact and secret via files under /etc/stalwart
- contact = "%{file:/etc/stalwart/cloudflare-username}%";
- domains = ["prg-radio.org" "mail.prg-radio.org"];
- provider = "cloudflare";
- secret = "%{file:/etc/stalwart/acme-secret}%";
- };
+ # acme."letsencrypt" = {
+ # directory = "https://acme-v02.api.letsencrypt.org/directory";
+ # challenge = "dns-01";
+ # # reference the contact and secret via files under /etc/stalwart
+ # contact = "%{file:/etc/stalwart/cloudflare-username}%";
+ # domains = ["prg-radio.org" "mail.prg-radio.org"];
+ # provider = "cloudflare";
+ # secret = "%{file:/etc/stalwart/acme-secret}%";
+ #};
 session.auth = {
 mechanisms = ["plain"];
 directory = "in-memory";
diff --git a/nix-system-configs/modules/system/traefik.nix b/nix-system-configs/modules/system/traefik.nix
index 4bf7731..349b15e 100644
--- a/nix-system-configs/modules/system/traefik.nix
+++ b/nix-system-configs/modules/system/traefik.nix
@@ -371,7 +371,7 @@ in {
 # Mail HTTP (JMAP / web) - terminate TLS at Traefik and forward to Stalwart JMAP HTTP listener
 mail = {
- rule = "Host(`mail.prg-radio.org`)";
+ rule = "Host(`mail.prg-radio.org`,`mta-sts.prg-radio.org`,`autoconfig.prg-radio.org`,`autodiscover.prg-radio.org`)";
 service = "mail-jmap";
 entryPoints = ["websecure"];
 tls = {certresolver = "acme";};
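Review bot: The `acme."letsencrypt"` block in mail-server.nix is left as commented-out code with no explanation of why it was disabled or where Stalwart now gets its certificate. The Traefik comment in this commit says TLS is terminated at Traefik for the HTTP/JMAP router only, and SMTP, SMTPS and IMAPS are forwarded as TCP services to 10.1.1.15, so unless those TCP routers also terminate TLS (not visible here) Stalwart still has to present a valid certificate on 25/465/993. That matters more now that `mta-sts.prg-radio.org` is being routed: if the published MTA-STS policy is in enforce mode, sending servers will refuse delivery to an MX whose certificate does not validate. I would delete the dead block and replace it with a single comment such as `# ACME disabled in Stalwart; certificate for mail.prg-radio.org is provided by <certificate source>`. The enclosing attribute set starts above the hunk and continues below it.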
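Review bot: The new `rule` on the `mail` router in traefik.nix passes four hostnames to one `Host(...)` call, which is Traefik v2 rule syntax; Traefik v3 accepts a single value per `Host` matcher, so if this host runs v3 without `ruleSyntax = "v2"` the rule is rejected and the router does not come up. The form that works under both versions is ``rule = "Host(`mail.prg-radio.org`) || Host(`mta-sts.prg-radio.org`) || Host(`autoconfig.prg-radio.org`) || Host(`autodiscover.prg-radio.org`)";``. The same applies to the `mail-webadmin` rule in the next hunk. The three added hostnames also forward every path to `mail-jmap`; if they are only meant to serve the MTA-STS policy and the autoconfig/autodiscover documents, a `PathPrefix` per host would keep the rest of the JMAP surface off those names. The `mail` router definition ends outside the hunk.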
@@ -379,7 +379,7 @@ in {
 # Mail web administration UI (Stalwart management) - exposed under /management
 mail-webadmin = {
- rule = "Host(`mail.prg-radio.org`) && PathPrefix(`/management`)";
+ rule = "Host(`mail.prg-radio.org`,`mta-sts.prg-radio.org`,`autoconfig.prg-radio.org`,`autodiscover.prg-radio.org`) && PathPrefix(`/management`)";
 service = "mail-webadmin";
 entryPoints = ["websecure"];
 tls = {certresolver = "acme";};
@@ -517,17 +517,17 @@ in {
 # Mail TCP services
 mail-smtp.loadBalancer = {
- proxyProtocol = { version = 2; }; # Add this line
+ proxyProtocol = {version = 2;}; # Add this line
 servers = [{address = "10.1.1.15:25";}];
 };
 mail-smtps.loadBalancer = {
- proxyProtocol = { version = 2; }; # Add this line
+ proxyProtocol = {version = 2;}; # Add this line
 servers = [{address = "10.1.1.15:465";}];
 };
 mail-imaps.loadBalancer = {
- proxyProtocol = { version = 2; }; # Add this line
+ proxyProtocol = {version = 2;}; # Add this line
 servers = [{address = "10.1.1.15:993";}];
 };
 };
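Review bot: The `mail-webadmin` rule in the `@@ -379,7` hunk now matches `/management` on `mta-sts`, `autoconfig` and `autodiscover` as well, so the Stalwart administration UI becomes reachable on three extra public hostnames that mail clients and remote MTAs are directed to. Nothing in the hunk indicates those names need the admin UI; keeping the original ``rule = "Host(`mail.prg-radio.org`) && PathPrefix(`/management`)";`` leaves the exposure as it was. No `middlewares` entry is visible, although the router body continues past the hunk, so it is worth confirming that an IP allow-list or equivalent restriction is attached to this router. It is also worth checking that `/management` on the new hostnames is not reachable through the broader `mail` router if `mail-jmap` points at the same Stalwart HTTP listener.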