diff --git a/.github/workflows/push-apply.yml b/.github/workflows/push-apply.yml
index f44062f..b7c6320 100644
--- a/.github/workflows/push-apply.yml
+++ b/.github/workflows/push-apply.yml
@@ -61,4 +61,6 @@ jobs:
 TF_VAR_TG_ADMIN_GROUP_IDS: ${{ secrets.TG_ADMIN_GROUP_IDS }}
 TF_VAR_GOOGLEVERIFICATION: ${{ secrets.GOOGLEVERIFICATION }}
 TF_TOKEN_app_terraform_io: ${{ secrets.TF_API_TOKEN }}
+ TF_VAR_DOMAIN: ${{ secrets.DOMAIN }}
+ TF_VAR_CERTBOT_EMAIL: ${{ secrets.CERTBOT_EMAIL }}
 run: tofu apply -input=false -auto-approve
\ No newline at end of file
diff --git a/docker/docker-compose.prod.tls-registry.yml b/docker/docker-compose.prod.tls-registry.yml
index 494257f..02d8450 100644
--- a/docker/docker-compose.prod.tls-registry.yml
+++ b/docker/docker-compose.prod.tls-registry.yml
@@ -8,7 +8,7 @@ services:
 - "80:80"
 - "443:443"
 environment:
- CERTBOT_EMAIL=${CERTBOT_EMAIL}
+ - CERTBOT_EMAIL=${CERTBOT_EMAIL:?error}
 volumes:
 - nginx-secrets:/etc/letsencrypt
 - ./nginx-conf/user_conf.d:/etc/nginx/user_conf.d
diff --git a/infrastructure/main.tf b/infrastructure/main.tf
index f6e9900..e7922ea 100644
--- a/infrastructure/main.tf
+++ b/infrastructure/main.tf
@@ -30,6 +30,8 @@ data "cloudinit_config" "config" {
 content = templatefile("${path.module}/templates/user-data.sh.tftpl", {
 REPO_URL = local.REPO_URL
+ DOMAIN = var.DOMAIN
+ CERTBOT_EMAIL = var.CERTBOT_EMAIL
 })
 }
@@ -58,6 +60,13 @@ resource "digitalocean_domain" "hytky" {
 name = "hytky.org"
 }
+resource "digitalocean_record" "root" {
+ domain = digitalocean_domain.hytky.name
+ type = "A"
+ name = "@"
+ value = digitalocean_droplet.webserver.ipv4_address
+}
+
 resource "digitalocean_record" "www" {
 domain = digitalocean_domain.hytky.name
 type = "A"
diff --git a/infrastructure/templates/user-data.sh.tftpl b/infrastructure/templates/user-data.sh.tftpl
index 3ae37d8..6c0bbc3 100644
--- a/infrastructure/templates/user-data.sh.tftpl
+++ b/infrastructure/templates/user-data.sh.tftpl
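Review bot: `TF_VAR_DOMAIN: ${{ secrets.DOMAIN }}` stores a public hostname as a secret, which masks it in every job log and, more importantly, expands to an empty string instead of failing when the secret is not defined for this repository or environment — and an empty DOMAIN selects the plain-HTTP branch of the new user-data template, so a missing secret silently downgrades the deployment. Move it to a repository variable, `TF_VAR_DOMAIN: ${{ vars.DOMAIN }}`, and fail fast before `tofu apply` with a step such as `test -n "${{ vars.DOMAIN }}" || { echo "DOMAIN is not set" >&2; exit 1; }` if TLS is the intended production path. `CERTBOT_EMAIL` can reasonably stay a secret, but the same unset-means-empty behaviour applies to it; the compose file's `:?error` guard then fires on the droplet during cloud-init, not here in CI where it would be seen.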
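Review bot: `${CERTBOT_EMAIL:?error}` fails the right way, but the text after `?` is what Compose prints, and `error` tells the operator neither which variable is missing nor why it matters. A descriptive message costs nothing: `- CERTBOT_EMAIL=${CERTBOT_EMAIL:?CERTBOT_EMAIL is required for Let's Encrypt registration}`. Because this file is started from cloud-init on the droplet rather than from CI, the failure will only be visible in the droplet's cloud-init output, so the message should be self-explanatory when found there.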
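Review bot: Passing `var.CERTBOT_EMAIL`, declared `sensitive = true` elsewhere in this commit, into `templatefile()` makes the whole rendered user-data sensitive, so from now on `tofu plan` shows `(sensitive value)` for the cloud-init config and any later change to the template (including the DOMAIN logic added here) can no longer be reviewed in plan output. The email also lands in the droplet's user-data, which any local process can presumably read through the metadata service, so the sensitive flag adds little protection there. I would drop `sensitive` on the email, or, if it must stay, wrap it as `CERTBOT_EMAIL = nonsensitive(var.CERTBOT_EMAIL)` with a comment stating that the value is already exposed on the host. The enclosing `data "cloudinit_config" "config"` block starts outside the hunk.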
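Review bot: The new `@` record is always created in the hard-coded `hytky.org` zone (context line `name = "hytky.org"` above), while the certificate request and `NEXTAUTH_URL` on the droplet are driven by `var.DOMAIN`, which defaults to `""`; nothing ties the two together, so a DOMAIN value other than `hytky.org` leaves certbot requesting a name that no record points at, and an empty DOMAIN still publishes the root record for a server that only speaks plain HTTP. Either derive the zone name from the variable or add a `validation` block on `DOMAIN` with `condition = var.DOMAIN == "" || var.DOMAIN == "hytky.org"` (validation conditions may only reference the variable itself, so the zone has to be repeated as a literal). A one-line comment on the record, `# apex record; the TLS branch of user-data expects DOMAIN to resolve here`, would make the coupling explicit.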
@@ -18,7 +18,13 @@ git clone ${REPO_URL} /opt/webapp
 mv /opt/secrets/.* /opt/webapp/
 rmdir /opt/secrets
+%{ if DOMAIN != "" }
+echo "NEXTAUTH_URL=https://${DOMAIN}" | tee -a /opt/webapp/.env
+sed -i '' 's/sub.yourdomain.org/${DOMAIN}/g' /opt/webapp/docker/nginx-conf/user_conf.d/tls.conf
+export CERTBOT_EMAIL=${CERTBOT_EMAIL}
+docker compose -f /opt/webapp/docker/docker-compose.prod.tls-registry.yml up -d
+%{ else }
 IP=$(ip addr show eth0 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1 | awk -F. '$1>=1 && $1<=126 || $1>=128 && $1<=191' | head -n 1)
 echo "NEXTAUTH_URL=http://$IP" | tee -a /opt/webapp/.env
-
-docker compose -f /opt/webapp/docker/docker-compose.prod.from-registry.yml up -d
\ No newline at end of file
+docker compose -f /opt/webapp/docker/docker-compose.prod.from-registry.yml up -d
+%{ endif }
diff --git a/infrastructure/variables.tf b/infrastructure/variables.tf
index 444f5e1..c5114bb 100644
--- a/infrastructure/variables.tf
+++ b/infrastructure/variables.tf
@@ -1,3 +1,16 @@
+variable "DOMAIN" {
+ description = "Domain Name"
+ type = string
+ default = ""
+}
+
+variable "CERTBOT_EMAIL" {
+ description = "The email address to use for Let's Encrypt"
+ type = string
+ default = ""
+ sensitive = true
+}
+
 variable "do_token" {
 description = "Digital Ocean Token"
 type = string
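Review bot: `sed -i '' 's/sub.yourdomain.org/${DOMAIN}/g' …` is the BSD/macOS form; on a Linux droplet GNU sed takes the empty `''` as the script and `'s/…/g'` as an input file, so the command fails and `tls.conf` keeps the `sub.yourdomain.org` placeholder, which means the certificate is requested for the wrong name (assuming the image is Linux, as `ip addr show eth0` in the other branch suggests). Drop the empty suffix: `sed -i 's/sub.yourdomain.org/${DOMAIN}/g' /opt/webapp/docker/nginx-conf/user_conf.d/tls.conf`. The `%{ else }` branch also means an unset DOMAIN silently deploys plain HTTP with `NEXTAUTH_URL=http://$IP` behind a green pipeline; at minimum log it, `echo "DOMAIN is empty; deploying without TLS" >&2`, or make the variable required. Since `templatefile()` splices both values verbatim into shell, quote them, `export CERTBOT_EMAIL="${CERTBOT_EMAIL}"`, and validate DOMAIN as a bare hostname on the Terraform side. The script continues beyond this hunk.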
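Review bot: `DOMAIN` is declared as a free-form string with `default = ""`, yet the template in this commit splices it unquoted into a shell command, a `sed` replacement and, through that `sed`, the nginx `server_name`, and an empty value silently switches the deployment to plain HTTP. A `validation` block that accepts only a bare hostname or the empty string rejects values such as `https://…`, paths, `&`/`/` or whitespace at plan time, before they reach cloud-init, and a fuller `description` tells the operator what empty means. I would also reconsider `sensitive = true` on `CERTBOT_EMAIL`: it taints the rendered user-data so later template changes show only `(sensitive value)` in plan output. Rewritten `DOMAIN` block below; `CERTBOT_EMAIL` is unchanged apart from that consideration.
```hcl
variable "DOMAIN" {
  description = "Public hostname the droplet serves over TLS. Empty disables TLS and serves plain HTTP on the droplet's IP."
  type        = string
  default     = ""

  # The value is rendered verbatim into a shell script, a sed expression and nginx's server_name on the droplet,
  # so restrict it to hostname characters (or empty) rather than trusting the CI secret/variable.
  validation {
    condition     = var.DOMAIN == "" || can(regex("^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$", var.DOMAIN))
    error_message = "DOMAIN must be a bare lowercase hostname (no scheme, path, port or whitespace), or empty to disable TLS."
  }
}
# … unchanged: variable "CERTBOT_EMAIL" …
```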