diff --git a/nas-compose.env b/nas-compose.env index 8604ad8..16ce7ce 100644 --- a/nas-compose.env +++ b/nas-compose.env @@ -16,6 +16,7 @@ NASCOMPOSE_MACVLAN_PLEX_IP= NASCOMPOSE_MACVLAN_PORTAINER_IP= NASCOMPOSE_TRAEFIK_DOMAINS= +NASCOMPOSE_TRAEFIK_ADMIN_EMAIL= NASCOMPOSE_AUTHELIA_DOMAIN= NASCOMPOSE_AUTHELIA_SMTP_HOST= diff --git a/services/reverse-proxy/configs/dynamic/tls.yml b/services/reverse-proxy/configs/dynamic/tls.yml index 613d455..e58ab35 100644 --- a/services/reverse-proxy/configs/dynamic/tls.yml +++ b/services/reverse-proxy/configs/dynamic/tls.yml @@ -1,6 +1,6 @@ tls: stores: default: - defaultCertificate: - certFile: /run/secrets/traefik_tls_cert - keyFile: /run/secrets/traefik_tls_key + defaultGeneratedCert: + resolver: defaultResolver + domain: diff --git a/services/reverse-proxy/configs/traefik.yml b/services/reverse-proxy/configs/traefik.yml index 7e78621..08d009d 100644 --- a/services/reverse-proxy/configs/traefik.yml +++ b/services/reverse-proxy/configs/traefik.yml @@ -13,6 +13,15 @@ serverstransport: api: {} accessLog: {} +certificatesResolvers: + defaultResolver: + acme: + email: {{ env `NASCOMPOSE_TRAEFIK_ADMIN_EMAIL` }} + storage: acme.json + dnsChallenge: + provider: cloudflare + caServer: https://acme-staging-v02.api.letsencrypt.org/directory + entryPoints: web: address: :80 diff --git a/services/reverse-proxy/docker-compose.yml b/services/reverse-proxy/docker-compose.yml index 5b886f3..a32256a 100644 --- a/services/reverse-proxy/docker-compose.yml +++ b/services/reverse-proxy/docker-compose.yml 
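Review bot: `domain:` under `defaultGeneratedCert` in tls.yml is left empty on the new side, so the store names a resolver but no hostname to request a certificate for. A bare key parses as null, and Traefik would then presumably have nothing to hand to `defaultResolver` and keep serving its built-in self-signed default certificate, which clients only accept by skipping validation. Fill in the nested fields, e.g. `main: <primary domain>` plus `sans:` entries where needed, or leave `defaultGeneratedCert` out until the value is known.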
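Review bot: `storage: acme.json` in traefik.yml is a relative path, while the docker-compose.yml hunk of this commit mounts the writable ACME volume at `/etc/traefik/acme`; unless the process working directory happens to be that directory, the account key and issued certificates end up in the container's ephemeral filesystem and are lost on every recreate. Point it at the volume with `storage: /etc/traefik/acme/acme.json`. `caServer` is fixed to the Let's Encrypt staging directory, whose certificates clients do not trust, so either drop the line before this serves real traffic or mark it with a comment such as `# staging CA for testing only: remove to obtain trusted certificates`. The `email: {{ env ... }}` value also deserves a check: this file looks like the static configuration, and as far as I know Traefik applies Go templating only to dynamic file-provider files, while a YAML parser reads an unquoted `{{` as a flow mapping rather than a string.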
@@ -6,15 +6,18 @@ services: image: traefik environment: NASCOMPOSE_TRAEFIK_DOMAINS: ${NASCOMPOSE_TRAEFIK_DOMAINS?} + NASCOMPOSE_TRAEFIK_ADMIN_EMAIL: ${NASCOMPOSE_TRAEFIK_ADMIN_EMAIL?} + CF_DNS_API_TOKEN_FILE: /run/secrets/cf_dns_token networks: - reverse-proxy - docker volumes: + - ${NASCOMPOSE_SERVICES?}/reverse-proxy/volumes/traefik_acme:/etc/traefik/acme # Config - - ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/:/etc/traefik:ro + - ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/traefik.yml:/etc/traefik/traefik.yml:ro + - ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/dynamic:/etc/traefik/dynamic:ro # Secrets - - ${NASCOMPOSE_SERVICES?}/reverse-proxy/secrets/traefik.cert:/run/secrets/traefik_tls_cert:ro - - ${NASCOMPOSE_SERVICES?}/reverse-proxy/secrets/traefik.key:/run/secrets/traefik_tls_key:ro + - ${NASCOMPOSE_SERVICES?}/reverse-proxy/secrets/cf_dns_token:/run/secrets/cf_dns_token:ro restart: unless-stopped labels: traefik.enable: true
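Review bot: The new `traefik_acme` bind mount will hold `acme.json`, which contains the ACME account private key and the private keys of the issued certificates, yet nothing in the hunk marks it as sensitive the way the `# Secrets` mounts are. I would add a comment above it, `# ACME state (account key + certificate private keys): host dir 0700, acme.json 0600, not in git`, and confirm that `volumes/traefik_acme` is covered by the repository's ignore rules, which are not visible here. The Cloudflare credential read through `CF_DNS_API_TOKEN_FILE` should likewise be a token limited to DNS edits on the zones in use rather than a global API key, since anyone who can read it can have certificates issued for those names. The service definition continues outside the hunk.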