diff --git a/hosts/rx4/services/nginx.nix b/hosts/rx4/services/nginx.nix
index 22f3a2d..c4c24af 100644
--- a/hosts/rx4/services/nginx.nix
+++ b/hosts/rx4/services/nginx.nix
@@ -13,18 +13,6 @@ in
 inputs.synix.nixosModules.nginx
 ];
- security.acme = {
- certs."sid-internal" = {
- domain = constants.services.vaultwarden.fqdn;
- extraDomainNames = [
- constants.services.netdata.fqdn
- constants.services.webdav.fqdn
- ];
- server = "https://${constants.ca-fqdn}:8443/acme/acme/directory";
- group = "nginx";
- };
- };
-
 systemd.tmpfiles.rules = [
 "d /var/www 0755 gitea-runner ${cfg.group} -"
 ];
@@ -35,7 +23,7 @@ in
 services.nginx = {
 enable = true;
- openFirewall = true;
+ openFirewall = false;
 forceSSL = false;
 virtualHosts = {
@@ -44,31 +32,6 @@ in
 root = "/var/www/doc";
 };
 };
- "${constants.services.netdata.fqdn}" = {
- forceSSL = true;
- useACMEHost = "sid-internal";
- locations."/" = {
- proxyPass = "http://127.0.0.1:${toString constants.services.netdata.port}";
- proxyWebsockets = true;
- };
- };
-
- "${constants.services.vaultwarden.fqdn}" = {
- forceSSL = true;
- useACMEHost = "sid-internal";
- locations."/" = {
- proxyPass = "http://127.0.0.1:${toString constants.services.vaultwarden.port}";
- };
- };
-
- "${constants.services.webdav.fqdn}" = {
- forceSSL = true;
- useACMEHost = "sid-internal";
- locations."/" = {
- proxyPass = "http://127.0.0.1:${toString constants.services.webdav.port}";
- proxyWebsockets = true;
- };
- };
 };
 };
 }
diff --git a/hosts/sid/services/coredns.nix b/hosts/sid/services/coredns.nix
index 8a86cb5..27896a5 100644
--- a/hosts/sid/services/coredns.nix
+++ b/hosts/sid/services/coredns.nix
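Review bot: `openFirewall = false` in the `services.nginx` hunk leaves nginx enabled with `forceSSL = false` and only the `/var/www/doc` vhost, but nothing records how that vhost is still meant to be reached. If access is intended only over an interface the firewall already trusts (not visible in this diff), put that next to the option, e.g. `# port not opened: plain-HTTP docs are served to trusted interfaces only; TLS vhosts now live on sid`. With the `sid-internal` certificate removed in the first hunk, this host has no TLS vhost left, so any vhost added here later would be served in clear text unless a certificate is reintroduced. The `services.nginx` set opens in this hunk and closes in the next one.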
@@ -14,10 +14,10 @@ hosts {
 ${hosts.sid.ip} ${ca-fqdn}
- ${hosts.rx4.ip} ${services.netdata.fqdn}
- ${hosts.rx4.ip} ${services.vaultwarden.fqdn}
- ${hosts.rx4.ip} ${services.webdav.fqdn}
 ${hosts.rx4.ip} rx4.tail
+ ${hosts.sid.ip} ${services.netdata.fqdn}
+ ${hosts.sid.ip} ${services.vaultwarden.fqdn}
+ ${hosts.sid.ip} ${services.webdav.fqdn}
 ${hosts.sid.ip} sid.tail
 ${hosts.vde.ip} vde.tail
 fallthrough
diff --git a/hosts/sid/services/step-ca.nix b/hosts/sid/services/step-ca.nix
index 34031a2..d3abb11 100644
--- a/hosts/sid/services/step-ca.nix
+++ b/hosts/sid/services/step-ca.nix
@@ -26,7 +26,6 @@ in
 key = config.sops.secrets."step-ca/intermediate-key".path;
 dnsNames = [
 constants.ca-fqdn
- constants.hosts.rx4.ip
 constants.hosts.sid.ip
 ];
 logger = {
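Review bot: The three added records in the coredns.nix hunk send the netdata, vaultwarden and webdav names to `${hosts.sid.ip}`, yet no vhost, certificate or backend change for sid appears in this diff, so the hunk does not show what answers for them after the switch. The rx4 vhosts removed in nginx.nix proxied to `127.0.0.1`; if the services stay on rx4, their listeners would have to bind beyond loopback and the sid-to-rx4 hop (Vaultwarden included) would be plain HTTP unless the link itself is encrypted, so those ports should accept connections from sid only. The move also places TLS termination for these services on the host that serves `${ca-fqdn}` and holds the step-ca intermediate key, which widens what a proxy compromise can reach. A comment above the records such as `# terminated by nginx on sid; backends: <where they listen>` would make the layout reviewable. The `hosts { … }` block continues past the end of the hunk.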