diff --git a/flake.nix b/flake.nix
index 52d1686..fb9ad1e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -166,7 +166,7 @@
 
                         networking = {
                             firewall = {
-                                allowedTCPPorts = [ 80 443 4533 7878 8096 8089 8902 8989 9000 9696 11112 24454 25565 25600 ];
+                                allowedTCPPorts = [ 80 443 4533 7878 8080 8081 8083 8089 8096 8181 8787 8902 8989 9000 9696 11112 24454 25565 25600 ];
                             };
                         };
                     };
diff --git a/hosts/diphda/system.nix b/hosts/diphda/system.nix
index 0a5163e..148a12e 100644
--- a/hosts/diphda/system.nix
+++ b/hosts/diphda/system.nix
@@ -70,6 +70,17 @@
         };
     };
 
+    security.acme = {
+        acceptTerms = true;
+        certs."download.simmer505.com" = {
+            dnsProvider = "porkbun";
+            environmentFile = "${pkgs.writeText "porkbun-creds" ''
+                INWX_USERNAME=${pkgs.readFile}
+                INWX_PASSWORD=${pkgs.readFile}
+            ''}";
+        };
+    };
+
     # Use the systemd-boot EFI boot loader.
     boot.loader.systemd-boot.enable = true;
     boot.loader.efi.canTouchEfiVariables = true;