diff --git a/nixos/machines/driftwood/configuration.nix b/nixos/machines/driftwood/configuration.nix
index 26cf7d8..61dafa0 100644
--- a/nixos/machines/driftwood/configuration.nix
+++ b/nixos/machines/driftwood/configuration.nix
@@ -32,6 +32,17 @@
 defaults = {
 email = "admin@stranger.systems";
 };
+ # Get a wildcard cert
+ certs."wildcard.stranger.systems" = {
+ domain = "stranger.systems";
+ extraDomainNames = ["*.stranger.systems"];
+ dnsProvider = "cloudflare";
+ dnsPropagationCheck = true;
+ credentialFiles = {
+ "CLOUDFLARE_EMAIL_FILE" = "/run/secrets/cloudflare/email";
+ "CLOUDFLARE_API_KEY_FILE" = "/run/secrets/cloudflare/key";
+ };
+ };
 };

 # ACME data must be readable by the NGINX user
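Review bot: The `credentialFiles` entries in the new `certs."wildcard.stranger.systems"` block give the ACME client the Cloudflare account email plus the global API key, which is valid for every zone and setting on the account, while a DNS-01 challenge only needs to edit TXT records in one zone. Prefer a scoped API token restricted to DNS edit (plus zone read) on stranger.systems, replacing both entries with `"CLOUDFLARE_DNS_API_TOKEN_FILE" = "/run/secrets/cloudflare/dns-token";` (the path is a placeholder for wherever the secret is provisioned). The trailing context comment says ACME data is readable by the NGINX user, so the wildcard private key presumably will be too; a comment above the cert such as `# wildcard key covers every subdomain; keep read access limited to the nginx group` would record that. The enclosing attribute set starts and ends outside the hunk, so the secret declarations and group settings cannot be checked from here.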