diff --git a/modules/server/containers/defs/traefik.nix b/modules/server/containers/defs/traefik.nix
index ecf86e1..6e2e1ab 100644
--- a/modules/server/containers/defs/traefik.nix
+++ b/modules/server/containers/defs/traefik.nix
@@ -3,15 +3,11 @@ let
 version = "3";
 serverCfg = config.syscfg.server;
 in {
- # paths = [{
- # path="${serverCfg.dataPath}/authentik/media";
- # owner = "1000:1000";
- # mode = "0755";
- # }{
- # path="${serverCfg.dataPath}/authentik/templates";
- # owner = "1000:1000";
- # mode = "0755";
- # }];
+ paths = [{
+ path="${serverCfg.dataPath}/traefik";
+ owner = "1000:1000";
+ mode = "0755";
+ }];
 containers = {
 server = builder.mkContainer {
@@ -47,8 +43,7 @@ in {
 "--entrypoints.web-secure.transport.respondingtimeouts.readtimeout=0s"
 "--entrypoints.web-secure.proxyprotocol.trustedips=127.0.0.1/32,192.168.1.1/16,10.10.0.0/16"
 "--certificatesresolvers.default.acme.email=acme@${serverCfg.hostDomain}"
- "--certificatesresolvers.default.acme.storage=/acme.json"
- "--certificatesresolvers.default.acme.dnschallenge=true"
+ "--certificatesresolvers.default.acme.storage=/custom/acme.json"
 "--certificatesresolvers.default.acme.dnschallenge.provider=${containerCfg.extra.provider}"
 "--entrypoints.web-secure.http.tls=true"
 "--entrypoints.web-secure.http.tls.certresolver=default"
@@ -60,7 +55,7 @@ in {
 "/var/run/podman/podman.sock:/var/run/docker.sock" #PODMAN GROUP FOR SOCKET ACCESS
 # "${serverCfg.configPath}/traefik/traefik.yaml:/etc/traefik/traefik.yaml"
 # "${serverCfg.configPath}/traefik/access.log:/etc/traefik/access.log"
- # "${serverCfg.configPath}/traefik/acme.json:/acme.json"
+ "${serverCfg.configPath}/traefik:/custom/acme.json"
 ];
 };
 };
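Review bot: The new `paths` entry in the first hunk creates `${serverCfg.dataPath}/traefik`, but the volume added in the last hunk mounts `${serverCfg.configPath}/traefik`, so unless both options resolve to the same location the directory prepared here is not the one the container receives. That directory is where the ACME account key and certificate private keys end up, so `mode = "0700";` would be a tighter default than `0755`, which lets every local user traverse it. Whether `owner = "1000:1000"` matches the user the Traefik container actually runs as is not visible in this diff and is worth confirming. A short comment above the entry such as `# ACME state (account key + cert private keys); keep owner-only` would record why the mode matters.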
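Review bot: The volume `"${serverCfg.configPath}/traefik:/custom/acme.json"` in the last hunk binds what looks like a directory onto the exact path that `--certificatesresolvers.default.acme.storage=/custom/acme.json` in the second hunk names as a file. The commented-out lines above it use `${serverCfg.configPath}/traefik/...` as a directory, so Traefik would find a directory where it expects its storage file and certificate persistence would likely fail. Mounting at the parent instead, `"${serverCfg.configPath}/traefik:/custom"`, lets Traefik create `acme.json` inside it with its own restrictive file mode. The enclosing volumes list starts outside the hunk.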