diff --git a/hosts/raptus/default.nix b/hosts/raptus/default.nix
index 8bedd57..08805b7 100644
--- a/hosts/raptus/default.nix
+++ b/hosts/raptus/default.nix
@@ -26,7 +26,10 @@ in
       group = "rustypaste";
     };
     forgejo-runner-token.file = ../../secrets/forgejo-runner-token.age;
-    acme.file = ../../secrets/acme.age;
+    acme = {
+      owner = if config.security.acme.useRoot then "root" else "acme";
+      file = ../../secrets/acme.age;
+    };
   };
 
   boot.loader.grub = {
@@ -96,11 +99,12 @@ in
     polkit.enable = true;
 
     acme = {
-      defaults.email = "admin@ccnlc.eu";
       acceptTerms = true;
-      dnsProvider = "ovh";
-      environmentFile = config.age.secrets.acme.path;
-
+      defaults = {
+        email = "contact@ccnlc.eu";
+        dnsProvider = "ovh";
+        environmentFile = config.age.secrets.acme.path;
+      };
     };
   };
 
diff --git a/hosts/shan/default.nix b/hosts/shan/default.nix
index e1f7c62..e6e230b 100644
--- a/hosts/shan/default.nix
+++ b/hosts/shan/default.nix
@@ -27,7 +27,10 @@
       file = ../../secrets/freshrss-default-password.age;
       owner = config.services.freshrss.user;
     };
-    acme.file = ../../secrets/acme.age;
+    acme = {
+      owner = if config.security.acme.useRoot then "root" else "acme";
+      file = ../../secrets/acme.age;
+    };
   };
 
   boot.loader.grub = {
@@ -162,7 +165,7 @@
     enable = true;
     recommendedProxySettings = true;
     recommendedTlsSettings = true;
-    clientMaxBodySize = "2000M";
+    clientMaxBodySize = "0";
     virtualHosts =
       let
         mkVHLocal = mkVH "http://localhost";