diff --git a/fediversity/garage.nix b/fediversity/garage.nix
index cc6187f..0dd0d7f 100644
--- a/fediversity/garage.nix
+++ b/fediversity/garage.nix
@@ -159,10 +159,9 @@ in
       };
     };
 
-    services.nginx.virtualHosts."garagePortProxy" = {
+    services.nginx.virtualHosts.${fedicfg.web.rootDomain} = {
       forceSSL = true;
       enableACME = true;
-      serverName = fedicfg.web.rootDomain;
       serverAliases = lib.mapAttrsToList (bucket: _: fedicfg.web.domainForBucket bucket) cfg.ensureBuckets; ## TODO: use wildcard certificates?
       locations."/" = {
         proxyPass = "http://localhost:3902";
diff --git a/vm/garage-vm.nix b/vm/garage-vm.nix
index 31e3c41..8deb49f 100644
--- a/vm/garage-vm.nix
+++ b/vm/garage-vm.nix
@@ -1,6 +1,8 @@
-{ config, modulesPath, ... }:
+{ lib, config, modulesPath, ... }:
 
 let
+  inherit (lib) mkVMOverride;
+
   fedicfg = config.fediversity.internal.garage;
 
 in {
@@ -9,6 +11,11 @@ in {
     (modulesPath + "/virtualisation/qemu-vm.nix")
   ];
 
+  services.nginx.virtualHosts.${fedicfg.web.rootDomain} = {
+    forceSSL = mkVMOverride false;
+    enableACME = mkVMOverride false;
+  };
+
   virtualisation.diskSize = 2048;
   virtualisation.forwardPorts = [
     {