@@ -41,15 +41,6 @@ [services.concurrency]
     type = "requests"
     soft_limit = 15000
 
-  [[services.http_checks]]
-    grace_period = "10s"
-    protocol = "https"
-    tls_server_name = "alanpearce.eu"
-    interval = "10s"
-    method = "GET"
-    timeout = "1s"
-    path = "/health"
-
 [[vm]]
   size = "shared-cpu-1x"
 

@@ -5,6 +5,7 @@ "context"
 	"crypto/x509"
 	"net"
 	"net/http"
+	"slices"
 	"strconv"
 
 	"go.alanpearce.eu/x/listenfd"
@@ -34,6 +35,9 @@ }
 
 func (s *Server) serveTLS() (err error) {
 	log := s.log.Named("tls")
+
+	wildcardDomain := "*." + s.config.WildcardDomain
+	certificateDomains := slices.Clone(s.config.Domains)
 
 	// setting cfg.Logger is too late somehow
 	certmagic.Default.Logger = log.GetLogger().Named("certmagic")
@@ -96,6 +100,8 @@ },
 			},
 		})
 
+		certificateDomains = append(slices.Clone(s.config.Domains), wildcardDomain)
+
 		log.Info("acme", "username", acme.Username, "subdomain", acme.Subdomain, "server_url", acme.ServerURL)
 
 		rs := certmagic_redis.New()
@@ -164,7 +170,7 @@ s.runtimeConfig.Port,
 		"https_port",
 		s.runtimeConfig.TLSPort,
 	)
-	err = cfg.ManageAsync(context.TODO(), s.config.Domains)
+	err = cfg.ManageAsync(context.TODO(), certificateDomains)
 	if err != nil {
 		return errors.Wrap(err, "could not enable TLS")
 	}