diff --git a/modules/proxy.nix b/modules/proxy.nix
index 4c9e880..7a88c80 100644
--- a/modules/proxy.nix
+++ b/modules/proxy.nix
@@ -172,8 +172,15 @@ in
       }
 
       ${matrixRtcDomain} {
-        reverse_proxy http://[::1]:${toString config.services.livekit.settings.port} {
-          flush_interval -1
+        handle /.well-known/acme-challenge/* {
+          root * /var/lib/acme/acme-challenge
+          file_server
+        }
+
+        handle {
+          reverse_proxy http://[::1]:${toString config.services.livekit.settings.port} {
+            flush_interval -1
+          }
         }
       }
     '';
@@ -192,4 +199,13 @@ in
     ++ streamPorts;
     allowedUDPPorts = streamPorts;
   };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "me@${atriDotDad}";
+
+    certs."${matrixRtcDomain}" = {
+      webroot = "/var/lib/acme/acme-challenge";
+    };
+  };
 }