diff --git a/hosts/rpi-5/nixos.nix b/hosts/rpi-5/nixos.nix
index 660b42f..97fd5fa 100644
--- a/hosts/rpi-5/nixos.nix
+++ b/hosts/rpi-5/nixos.nix
@@ -29,13 +29,27 @@ in
     staticConfigOptions = {
       entryPoints = {
         web = {
-          address = "0.0.0.0:80";
+          address = ":80";
+          http.redirections.entrypoint = {
+            to = "websecure";
+            scheme = "https";
+          };
           asDefault = true;
         };
+        websecure = {
+          address = ":443";
+          asDefault = true;
+          http.tls.certResolver = "letsencrypt";
+        };
         traefik = {
           address = ":8081";
         };
       };
+      certificatesResolvers.letsencrypt.acme = {
+        email = "doloroo@proton.me";
+        storage = "${config.services.traefik.dataDir}/acme.json";
+        httpChallenge.entryPoint = "web";
+      };
       api.dashboard = true;
       api.insecure = true;
     };