diff --git a/mailsystem/nginx.nix b/mailsystem/nginx.nix
index 03e8f26..c4f01a0 100644
--- a/mailsystem/nginx.nix
+++ b/mailsystem/nginx.nix
@@ -11,12 +11,15 @@ in {
     lib.mkIf cfg.enable {
       services.nginx = {
         enable = true;
-        virtualHosts."${cfg.fqdn}" = {
-          forceSSL = true;
-          enableACME = cfg.certificateScheme == "acme";
-          sslCertificate = lib.mkIf (cfg.certificateScheme == "selfsigned") sslCertPath;
-          sslCertificateKey = lib.mkIf (cfg.certificateScheme == "selfsigned") sslKeyPath;
-        };
+        virtualHosts."${cfg.fqdn}" =
+          {
+            forceSSL = true;
+            enableACME = cfg.certificateScheme == "acme";
+          }
+          // lib.optionalAttrs (cfg.certificateScheme == "selfsigned") {
+            sslCertificate = sslCertPath;
+            sslCertificateKey = sslKeyPath;
+          };
       };
 
       networking.firewall.allowedTCPPorts = lib.optionals cfg.openFirewall [80 443];