diff --git a/dot_config/flake/machines/saffron/configuration.nix b/dot_config/flake/machines/saffron/configuration.nix
index eb29af7..ae43808 100644
--- a/dot_config/flake/machines/saffron/configuration.nix
+++ b/dot_config/flake/machines/saffron/configuration.nix
@@ -25,11 +25,19 @@
 
   networking.hostName = "saffron"; # Define your hostname.
 
-  # Caddy reverse proxy
+  # Caddy reverse proxy with DNS challenge
   services.caddy = {
     enable = true;
+    package = pkgs.caddy.withPlugins {
+      plugins = ["github.com/caddy-dns/cloudflare"];
+      vendorHash = "sha256-A9V8WgJnalU3YzuKu3D1wJjSC1MQaH2HvOvBdLzFWl4=";
+    };
+    environmentFile = "/etc/caddy/environment";
     virtualHosts."rss.mayoff.ca" = {
       extraConfig = ''
+        tls {
+          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+        }
         reverse_proxy MINIFLUX_TAILSCALE_IP:PORT
       '';
     };