diff --git a/modules/server/containers/defs/traefik.nix b/modules/server/containers/defs/traefik.nix
index b87231b..a081ab6 100644
--- a/modules/server/containers/defs/traefik.nix
+++ b/modules/server/containers/defs/traefik.nix
@@ -25,7 +25,7 @@ in {
         "traefik.http.middlewares.authentik.forwardauth.trustForwardHeader" = "true";
         "traefik.http.middlewares.authentik.forwardauth.authResponseHeaders" = "X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version";
       };
-      extraOptions = [ "--user=:994" ]; #PODMAN GROUP FOR SOCKET ACCESS
+      # extraOptions = [ "--user=:994" ]; #PODMAN GROUP FOR SOCKET ACCESS
       overrides = {
         cmd = [ 
           "--api"
@@ -44,6 +44,8 @@ in {
           "--entrypoints.web-secure.transport.respondingtimeouts.readtimeout=0s"
           "--entrypoints.web-secure.proxyprotocol.trustedips=127.0.0.1/32,192.168.1.1/16,10.10.0.0/16"
           "--certificatesresolvers.default.acme.email=acme@${serverCfg.hostDomain}"
+          "--certificatesresolvers.default.acme.tlschallenge=false"
+          "--certificatesresolvers.default.acme.dnschallenge=true"
           "--certificatesresolvers.default.acme.storage=/custom/acme.json"
           "--certificatesresolvers.default.acme.dnschallenge.provider=${containerCfg.extra.provider}"
           "--entrypoints.web-secure.http.tls=true"
@@ -56,7 +58,7 @@ in {
           "/var/run/podman/podman.sock:/var/run/docker.sock" #PODMAN GROUP FOR SOCKET ACCESS
           # "${serverCfg.configPath}/traefik/traefik.yaml:/etc/traefik/traefik.yaml"
           # "${serverCfg.configPath}/traefik/access.log:/etc/traefik/access.log"
-          "${serverCfg.configPath}/traefik:/custom/acme.json"
+          "${serverCfg.configPath}/traefik:/custom"
         ];
       };
     };