diff --git a/services/acme_sh.md b/services/acme_sh.md
deleted file mode 100644
index 35d868b..0000000
--- a/services/acme_sh.md
+++ /dev/null
@@ -1,195 +0,0 @@
-# Let's Encrypt
-
-Use [acme.sh](https://github.com/Neilpang/acme.sh/) for wholly self-contained Let's Encrypt certificates. This assumes CloudFlare DNS is used for authentication.
-
-**NOTE:** You probably want to use a DNS provider/API so you don't have to expose a service to the outside world.
-
-**NOTE:** You may want to use a filesystem on a USB disk instead of /var for the volumes setup in the below Docker command(s) to help reduce writes to the micro sd card.
-
-## Domains
-
-### Top Level Domain (TLD) ideas
-
-- .zone
-- .host
-- .travel
-- .link
-- .online
-- .net
-- .tech
-- .club
-
-### Registrar suggestions
-
-- [http://namecheap.com/](http://namecheap.com/)
-- [https://uniregistry.com/](https://uniregistry.com/)
-
-## Dependencies
-
-``` bash
-apt update
-apt install jq
-
-```
-
-## Prep
-
-Grab the acme.sh Dockerfile and update it to work with arm (32 or 64).
-
-``` bash
-
-mkdir -p /scratch/docker/acme.sh
-cd /scratch/docker/acme.sh
-wget https://raw.githubusercontent.com/Neilpang/acme.sh/master/Dockerfile
-sed -i '1s/^/ARG ALPINE=alpine:3.6\n/' Dockerfile
-sed -i '/FROM/c\FROM $ALPINE' Dockerfile
-mkdir /var/acme.sh
-chmod 700 /var/acme.sh
-
-```
-
-## Setup / Run
-
-Setup a basic update/run script with the adjusted upstream Dockerfile
-
-``` bash
-
-cat > /scratch/docker/acme.sh/acme.sh <<EOF
-#!/bin/bash
-
-LATEST=\`docker images --no-trunc acme.sh/acme.sh | awk '{print \$2}' | sort -r | head -n1\`
-
-RELEASE=\`curl -s https://api.github.com/repos/Neilpang/acme.sh/releases/latest | jq -r .tag_name\`
-
-if [ \$RELEASE == \$LATEST ]
-then
-    echo "Already up to date"
-fi
-
-ARCH=\`arch\`
-ALPINE=""
-
-# Cleanup arch here
-if [ \$ARCH == "aarch64" ]
-then
-    echo "64bit arm"
-    ARCH="arm64"
-    ALPINE="arm64v8/alpine"
-else
-    echo "32bit arm"
-    ARCH="arm"
-    ALPINE="arm32v6/alpine"
-fi
-
-echo "Build parms"
-echo "    \${RELEASE}"
-echo "    \${ARCH}"
-echo "    \${ALPINE}"
-
-echo "Running build"
-
-docker build \\
-    --network host \\
-    --build-arg ALPINE=\$ALPINE \\
-    --file /scratch/docker/acme.sh/Dockerfile \\
-    --tag acme_sh/acme_sh:\$RELEASE \\
-    .
-
-echo "Running with latest release"
-
-# Cleanup existing container
-docker stop acme_sh
-docker rm acme_sh
-
-# Re-run/create container with latest image
-# daemon (for cron auto renews)
-docker run -itd  \\
-    -v "/var/acme.sh":/acme.sh \\
-    --net=host \\
-    --restart unless-stopped \\
-    --name=acme_sh \\
-    acme_sh/acme_sh:\$RELEASE daemon
-
-EOF
-
-chmod a+x /scratch/docker/acme.sh/acme.sh
-
-```
-
-## First Run
-
-Run ```cd /scratch/docker/acme.sh && /scratch/docker/acme.sh/acme.sh``` to get the container online. The following commands will get your Let's Encrypt certificates created.
-
-*Note: The above script(s) setup the container to auto-run for auto-renew purposes. If you think you'll miss your renew window, force update the certs*
-
-## Get Help
-
-``` bash
-
-docker exec acme.sh --help
-
-```
-
-## Renewals...
-
-If you're going to be on the go, you may want to force rewewal of your scripts ahead of any travel or longer periods of time away from the internet. The author recommends a simple script at ```/root/update_certs.sh``` or similar that calls the necessary command(s) from below.
-
-## Register a Let's Encrypt Account
-
-Only do this **ONCE**
-
-``` bash
-
-docker exec acme.sh \
-    --register-account \
-    --staging
-
-```
-
-## Issue Cert (CloudFlare DNS API)
-
-``` bash
-
-docker exec \
-    -e CF_Email='[your cloudflare email]' \
-    -e CF_Key='[your cloudflare api key]' \
-    acme_sh \
-    --issue \
-    --cert-file /acme.sh/domain.tld/domain.tld.crt \
-    --dns dns_cf \
-    -d domain.tld \
-    -d pi-hole-gui.domain.tld \
-    -d syncthing-gui.domain.tld \
-    -d nextcloud.domain.tld \
-    --staging
-
-```
-
-## Force Renew All Certs (CloudFlare DNS API)
-
-``` bash
-
-docker exec \
-    -e CF_Email='[your cloudflare email]' \
-    -e CF_Key='[your cloudflare api key]' \
-    acme_sh \
-    --renew-all \
-    --force \
-    --dns dns_cf \
-    --staging
-
-```
-
-## Revoke Cert
-
-``` bash
-
-docker exec acme_sh \
-    --revoke \
-    -d domain.tld \
-    -d pi-hole-gui.domain.tld \
-    -d syncthing-gui.domain.tld \
-    -d nextcloud.domain.tld \
-    --staging
-
-```
diff --git a/services/nextcloud.md b/services/nextcloud.md
index a5b6b32..ce46e50 100644
--- a/services/nextcloud.md
+++ b/services/nextcloud.md
@@ -91,7 +91,9 @@ EOF
 
 cat > /etc/caddy/services/nextcloud.conf <<EOF
 # Nextcloud proxy
-nextcloud:80, nextcloud:443, nextcloud.domain.tld:80, nextcloud.domain.tld:443 {
+nextcloud.domain.tld {
+    tls user@domain.domain.tld
+    
     redir 301 {
         if {scheme} is http
         /  https://nextcloud.domain.tld{uri}
@@ -101,10 +103,6 @@ nextcloud:80, nextcloud:443, nextcloud.domain.tld:80, nextcloud.domain.tld:443 {
     proxy / 172.30.7.7:80 {
         transparent
     }
-
-    # Use acme.sh Let's Encrypt SSL cert setup
-    tls /var/acme.sh/domain.tld/fullchain.cer /var/acme.sh/domain.tld/domain.tld.key
-
     header / {
         # Enable HTTP Strict Transport Security (HSTS) to force clients to always
         # connect via HTTPS (do not use if only testing)
diff --git a/services/pi_hole.md b/services/pi_hole.md
index 7287d08..71739de 100644
--- a/services/pi_hole.md
+++ b/services/pi_hole.md
@@ -117,7 +117,9 @@ cat > /etc/caddy/services/pi-hole.conf <<EOF
 # Pi Hole proxy
 #    This is only so good
 #    Pi Hole assumes everything is http. Bump it over to http instead of https, because Pi Hole is stupid at life
-pi-hole-gui:80, pi-hole-gui:443, pi-hole-gui.domain.tld:80 pi-hole-gui.domain.tld:443 {
+pi-hole-gui.domain.tld {
+    tls user@domain.tld
+    
     redir 301 {
         if {scheme} is https
         /  http://pi-hole-gui.domain.tld{uri}
@@ -127,9 +129,6 @@ pi-hole-gui:80, pi-hole-gui:443, pi-hole-gui.domain.tld:80 pi-hole-gui.domain.tl
     proxy / 172.30.5.5:80 {
         transparent
     }
-
-    # Use acme.sh Let's Encrypt SSL cert setup
-    tls /var/acme.sh/domain.tld/fullchain.cer /var/acme.sh/domain.tld/domain.tld.key
 }
 EOF
 
diff --git a/services/searx.md b/services/searx.md
index d8802de..6b5661b 100644
--- a/services/searx.md
+++ b/services/searx.md
@@ -58,7 +58,9 @@ Simply execute ```/scratch/docker/searx/searx.sh``` to update/run Gogs.
 
 cat > /etc/caddy/services/searx.conf <<EOF
 # Searx proxy
-searx:80, searx:443, searx.domain.tld:80, searx.domain.tld:443 {
+searx.domain.tld {
+    tls user@domain.tld
+    
     redir 301 {
         if {scheme} is http
         /  https://searx.domain.tld{uri}
@@ -68,9 +70,6 @@ searx:80, searx:443, searx.domain.tld:80, searx.domain.tld:443 {
     proxy / 172.30.8.8:8888 {
         transparent
     }
-
-    # Use acme.sh Let's Encrypt SSL cert setup
-    tls /var/acme.sh/domain.tld/fullchain.cer /var/acme.sh/domain.tld/domain.tld.key
 }
 EOF
 
diff --git a/services/syncthing.md b/services/syncthing.md
index cbaaa84..ab85568 100644
--- a/services/syncthing.md
+++ b/services/syncthing.md
@@ -135,7 +135,9 @@ EOF
 
 cat > /etc/caddy/services/syncthing.conf <<EOF
 # Syncthing proxy
-syncthing-gui:80, syncthing-gui:443, syncthing-gui.domain.tld:80, syncthing-gui.domain.tld:443 {
+syncthing-gui.domain.tld {
+    tls user@domain.tld
+
     redir 301 {
         if {scheme} is http
         /  https://syncthing-gui.domain.tld{uri}
@@ -146,9 +148,6 @@ syncthing-gui:80, syncthing-gui:443, syncthing-gui.domain.tld:80, syncthing-gui.
         transparent
         header_upstream Host 127.0.0.1 # Reset the transparent proxy host so requests aren't blocked by syncthing
     }
-
-    # Use acme.sh Let's Encrypt SSL cert setup
-    tls /var/acme.sh/domain.tld/fullchain.cer /var/acme.sh/domain.tld/domain.tld.key
 }
 EOF
 
diff --git a/services/ttrss.md b/services/ttrss.md
index 0206477..23109ea 100644
--- a/services/ttrss.md
+++ b/services/ttrss.md
@@ -62,7 +62,9 @@ Simply execute ```/root/docker/ttrss.sh``` to update/run TT-RSS.
 
 cat > /etc/caddy/services/ttrss.conf <<EOF
 # TT-RSS proxy
-ttrss:80, ttrss:443, ttrss.domain.tld:80, ttrss.domain.tld:443 {
+ttrss.domain.tld {
+    tls user@domain.tld
+
     redir 301 {
         if {scheme} is http
         /  https://ttrss.domain.tld{uri}
@@ -72,9 +74,6 @@ ttrss:80, ttrss:443, ttrss.domain.tld:80, ttrss.domain.tld:443 {
     proxy / 172.30.13.13:80 {
         transparent
     }
-
-    # Use acme.sh Let's Encrypt SSL cert setup
-    tls /var/acme.sh/domain.tld/fullchain.cer /var/acme.sh/domain.tld/domain.tld.key
 }
 EOF
 
diff --git a/services/wallabag.md b/services/wallabag.md
index b9c2c98..dd8ff4c 100644
--- a/services/wallabag.md
+++ b/services/wallabag.md
@@ -115,7 +115,9 @@ docker exec -it wallabag /bin/sh -c "mkdir -p /wallabag/data/db && touch /wallab
 
 cat > /etc/caddy/services/wallabag.conf <<EOF
 # Wallabag proxy
-wallabag:80, wallabag:443, wallabag.domain.tld:80, wallabag.domain.tld:443 {
+wallabag.domain.tld {
+    tls user@domain.tld
+
     redir 301 {
         if {scheme} is http
         /  https://wallabag.domain.tld{uri}
@@ -125,9 +127,6 @@ wallabag:80, wallabag:443, wallabag.domain.tld:80, wallabag.domain.tld:443 {
     proxy / 172.30.9.9:80 {
         transparent
     }
-
-    # Use acme.sh Let's Encrypt SSL cert setup
-    tls /var/acme.sh/domain.tld/domain.tld.cer /var/acme.sh/domain.tld/domain.tld.key
 }
 EOF