diff --git a/modules/server/containers/defs/traefik.nix b/modules/server/containers/defs/traefik.nix
index 02b7ab9..58bc310 100644
--- a/modules/server/containers/defs/traefik.nix
+++ b/modules/server/containers/defs/traefik.nix
@@ -21,9 +21,9 @@ in {
         "traefik.http.routers.${containerCfg.subdomain}.service" = "api@internal";
         "traefik.http.routers.${containerCfg.subdomain}.middlewares" = "authentik";
 
-        "traefik.http.routers.${containerCfg.subdomain}.tls.certresolver=default"
-        "traefik.http.routers.${containerCfg.subdomain}.tls.domains[0].main=${serverCfg.hostDomain}"
-        "traefik.http.routers.${containerCfg.subdomain}.tls.domains[0].sans=*.${serverCfg.hostDomain}"
+        "traefik.http.routers.${containerCfg.subdomain}.tls.certresolver" = "default";
+        "traefik.http.routers.${containerCfg.subdomain}.tls.domains[0].main" = "${serverCfg.hostDomain}";
+        "traefik.http.routers.${containerCfg.subdomain}.tls.domains[0].sans" = "*.${serverCfg.hostDomain}";
         "traefik.http.middlewares.authentik.forwardauth.address" = "http://authentik-server:9000/outpost.goauthentik.io/auth/traefik";
         "traefik.http.middlewares.authentik.forwardauth.trustForwardHeader" = "true";
         "traefik.http.middlewares.authentik.forwardauth.authResponseHeaders" = "X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version";