diff --git a/base/services/nginx.nix b/base/services/nginx.nix
index d628cb5..f97e3ff 100644
--- a/base/services/nginx.nix
+++ b/base/services/nginx.nix
@@ -39,29 +39,38 @@
     SystemCallFilter = lib.mkForce null;
   };
 
-  services.nginx.virtualHosts."_" = lib.mkIf config.services.nginx.enable {
-    listen = [
-      {
-        addr = "0.0.0.0";
-        extraParameters = [
-          "default_server"
-          # Seemingly the default value of net.core.somaxconn
-          "backlog=4096"
-          "deferred"
-        ];
-      }
-      {
-        addr = "[::0]";
-        extraParameters = [
-          "default_server"
-          "backlog=4096"
-          "deferred"
-        ];
-      }
-    ];
-    sslCertificate = "/etc/certs/nginx.crt";
-    sslCertificateKey = "/etc/certs/nginx.key";
-    addSSL = true;
-    extraConfig = "return 444;";
+  services.nginx.virtualHosts = lib.mkIf config.services.nginx.enable {
+    "_" = {
+      listen = [
+        {
+          addr = "0.0.0.0";
+          extraParameters = [
+            "default_server"
+            # Seemingly the default value of net.core.somaxconn
+            "backlog=4096"
+            "deferred"
+          ];
+        }
+        {
+          addr = "[::0]";
+          extraParameters = [
+            "default_server"
+            "backlog=4096"
+            "deferred"
+          ];
+        }
+      ];
+      sslCertificate = "/etc/certs/nginx.crt";
+      sslCertificateKey = "/etc/certs/nginx.key";
+      addSSL = true;
+      extraConfig = "return 444;";
+    };
+
+    ${config.networking.fqdn} = {
+      sslCertificate = "/etc/certs/nginx.crt";
+      sslCertificateKey = "/etc/certs/nginx.key";
+      addSSL = true;
+      extraConfig = "return 444;";
+    };
   };
 }