diff --git a/modules/homelab/services/audiobookshelf/default.nix b/modules/homelab/services/audiobookshelf/default.nix
index 43d5b96..c1ab148 100644
--- a/modules/homelab/services/audiobookshelf/default.nix
+++ b/modules/homelab/services/audiobookshelf/default.nix
@@ -106,6 +106,7 @@ in
 
     # add to caddy for reverse proxy
     services.caddy.virtualHosts."${cfg.url}" = {
+      serverAliases = [ "abs.${homelab.public_domain}" ];
       extraConfig = ''
         tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
         reverse_proxy http://127.0.0.1:${toString cfg.port}
diff --git a/modules/homelab/services/caddy/default.nix b/modules/homelab/services/caddy/default.nix
index be7d2a1..88c26ab 100644
--- a/modules/homelab/services/caddy/default.nix
+++ b/modules/homelab/services/caddy/default.nix
@@ -46,7 +46,7 @@ in
       dataDir = cfg.data_dir;
       email = "me@blakedheld.xyz";
       globalConfig = ''
-        auto_https off
+        auto_https ignore_loaded_certs
       '';
     };
 
diff --git a/modules/homelab/services/gitea/default.nix b/modules/homelab/services/gitea/default.nix
index 4d0236a..cf2a2bc 100644
--- a/modules/homelab/services/gitea/default.nix
+++ b/modules/homelab/services/gitea/default.nix
@@ -129,6 +129,7 @@ in
 
     # add to caddy for reverse proxy
     services.caddy.virtualHosts."${cfg.url}" = {
+      serverAliases = [ "git.${homelab.public_domain}" ];
       extraConfig = ''
         tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
         reverse_proxy http://127.0.0.1:${toString cfg.port}
diff --git a/modules/homelab/services/glance/default.nix b/modules/homelab/services/glance/default.nix
index 538238e..905b49f 100644
--- a/modules/homelab/services/glance/default.nix
+++ b/modules/homelab/services/glance/default.nix
@@ -251,6 +251,7 @@ in
 
     # add to caddy for reverse proxy
     services.caddy.virtualHosts."${cfg.url}" = {
+      serverAliases = [ "${homelab.public_domain}" ];
       extraConfig = ''
         tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
         reverse_proxy http://127.0.0.1:${toString cfg.port}
diff --git a/modules/homelab/services/home/homeassistant/default.nix b/modules/homelab/services/home/homeassistant/default.nix
index 1d3a0d6..1195deb 100644
--- a/modules/homelab/services/home/homeassistant/default.nix
+++ b/modules/homelab/services/home/homeassistant/default.nix
@@ -123,6 +123,7 @@ in
 
     # add to caddy for reverse proxy
     services.caddy.virtualHosts."${cfg.url}" = {
+      serverAliases = [ "${service}.${homelab.public_domain}" ];
       extraConfig = ''
         tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
         reverse_proxy http://127.0.0.1:${toString cfg.port}
diff --git a/modules/homelab/services/home/zigbee2mqtt/default.nix b/modules/homelab/services/home/zigbee2mqtt/default.nix
index d7101a3..8bb8be2 100644
--- a/modules/homelab/services/home/zigbee2mqtt/default.nix
+++ b/modules/homelab/services/home/zigbee2mqtt/default.nix
@@ -123,6 +123,7 @@ in
 
     # add to caddy for reverse proxy
     services.caddy.virtualHosts."${cfg.url}" = {
+      serverAliases = [ "z2m.${homelab.public_domain}" ];
       extraConfig = ''
         tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
         reverse_proxy http://127.0.0.1:${toString cfg.port}
diff --git a/modules/homelab/services/immich/default.nix b/modules/homelab/services/immich/default.nix
index dfcea75..47d9436 100644
--- a/modules/homelab/services/immich/default.nix
+++ b/modules/homelab/services/immich/default.nix
@@ -98,6 +98,7 @@ in
 
     # add to caddy for reverse proxy
     services.caddy.virtualHosts."${cfg.url}" = {
+      serverAliases = [ "photos.${homelab.public_domain}" ];
       extraConfig = ''
         tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
         reverse_proxy http://127.0.0.1:${toString cfg.port}