diff --git a/main.go b/main.go index 027db9e..ca3ea72 100644 --- a/main.go +++ b/main.go @@ -1,6 +1,7 @@ package main import ( + "crypto/tls" "flag" "log" "math/rand" @@ -9,9 +10,9 @@ import ( "time" "git.xeserv.us/xena/route/server" - "github.com/facebookgo/flagenv" _ "github.com/joho/godotenv/autoload" + "golang.org/x/crypto/acme/autocert" ) var ( @@ -23,6 +24,7 @@ var ( torHashedPassword = flag.String("tor-hashed-password", "", "Tor hashed password") torPassword = flag.String("tor-password", "hunter2", "Tor clear password") webPort = flag.String("web-port", "9234", "HTTP ingress port for backends and users") + sslPort = flag.String("ssl-port", "", "if set use this port for SSL HTTP requests (certs via LE, you agree to follow their TOS)") domainSuffix = flag.String("domain-suffix", ".apps.xeserv.us", "Domain name suffix associated with the load balancer") ) @@ -40,12 +42,17 @@ func main() { TorHashedPassword: *torHashedPassword, TorPassword: *torPassword, WebPort: *webPort, + SSLPort: *sslPort, DomainSuffix: *domainSuffix, }) if err != nil { log.Fatal(err) } + if *sslPort != "" { + go setupACME(s) + } + l, err := net.Listen("tcp", "127.0.0.1:"+*webPort) if err != nil { log.Fatal(err) @@ -59,3 +66,24 @@ func main() { hs.Serve(l) } + +func setupACME(s *server.Server) { + dc := autocert.DirCache("./var/certs") + + m := autocert.Manager{ + Prompt: autocert.AcceptTOS, + Cache: dc, + HostPolicy: nil, + Email: "xena@yolo-swag.com", + } + + hs := &http.Server{ + Handler: s, + Addr: "127.0.0.1:" + *sslPort, + TLSConfig: &tls.Config{ + GetCertificate: m.GetCertificate, + }, + } + + hs.ListenAndServeTLS("", "") +} diff --git a/server/server.go b/server/server.go index 295fa92..b03c2ee 100644 --- a/server/server.go +++ b/server/server.go 
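Review bot: The second import hunk drops `github.com/facebookgo/flagenv`, but no hunk in this diff removes a call into it; Go rejects unused imports, so the old file must have used it somewhere in the lines between the `var (` block and the `server.New` call that the diff does not show. If that call (presumably `flagenv.Parse()`) is still there the new main.go will not build, and if it was removed in the unseen part of the file then flags such as `tor-password` and `tor-hashed-password` silently stop being populated from the environment that `godotenv/autoload` loads, leaving the `hunter2` default in effect. Either way a line in the commit message, or a `// flags are now taken from the command line only` comment next to `flag.Parse()`, should say which it is.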
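Review bot: `go setupACME(s)` is started with no comment on what it needs to succeed or what happens when it does not, and its goroutine has no way to report back to `main`. The TLS server it starts binds only loopback (visible in the last hunk), so Let's Encrypt can only validate the domain if something else forwards the public port to it; I would say so at the call site: `// TLS ingress; certs are fetched from Let's Encrypt on demand, so the public 443 must be forwarded to 127.0.0.1:<ssl-port>. Failures inside setupACME are not surfaced here.`. Consider also rejecting a non-numeric `*sslPort` before starting the goroutine rather than discovering it when the listen fails.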
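Review bot: `HostPolicy: nil` in the `autocert.Manager` lets any client that reaches the TLS port present an arbitrary name in SNI and have this process order a Let's Encrypt certificate for it; the autocert documentation explicitly warns that a nil policy is not recommended because strangers can drive issuance attempts and exhaust the CA rate limit, after which the real names can no longer be obtained or renewed. Restrict issuance to names under `*domainSuffix` as below (or, better, to hosts the server actually routes, if `s` exposes that); this needs `context`, `fmt` and `strings` imported. In the same function `hs.ListenAndServeTLS("", "")` discards its error, so a bind failure or a bad port silently ends the goroutine with no TLS listener at all. The new `http.Server`, like the plain one, also sets no `ReadTimeout`/`WriteTimeout`, which is worth a follow-up.
```go
m := autocert.Manager{
	Prompt: autocert.AcceptTOS,
	Cache:  dc,
	// Never leave HostPolicy nil: any SNI name would trigger an ACME order.
	HostPolicy: func(_ context.Context, host string) error {
		if strings.HasSuffix(host, *domainSuffix) {
			return nil
		}
		return fmt.Errorf("acme: %q is not under %q", host, *domainSuffix)
	},
	Email: "xena@yolo-swag.com",
}
// … unchanged: http.Server construction …
if err := hs.ListenAndServeTLS("", ""); err != nil {
	log.Fatal(err)
}
```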
@@ -46,7 +46,7 @@ type Config struct { ControlHost, ControlKeyFile string RethinkDBHost, RethinkDBDatabase string TorDataDir, TorHashedPassword, TorPassword string - WebPort, DomainSuffix string + WebPort, DomainSuffix, SSLPort string } // New creates a new Server @@ -143,7 +143,7 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { r.Header.Set("X-Remote-IP", host) r.Header.Set("X-Request-Ingress", time.Now().String()) - if r.RequestURI == rpc.DefaultRPCPath && r.Host == "127.0.0.1:"+s.cfg.WebPort { + if r.RequestURI == rpc.DefaultRPCPath && r.Host == "" { s.rpcS.ServeHTTP(w, r) return }
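Review bot: The new condition `r.Host == ""` removes what little gating the RPC path had: any HTTP/1.0 request without a Host header satisfies it, which is exactly what `net/rpc`'s `DialHTTPPath` sends (`CONNECT /_goRPC_ HTTP/1.0` with no headers) and presumably why the check was changed, so `s.rpcS` is now reachable by anyone who can connect to the ingress, and, because this `ServeHTTP` is also the handler of the new TLS server in main.go, via that port as well. The old comparison against `127.0.0.1:`+WebPort was also a client-supplied value, so neither version authenticates the caller. Serve the RPC on its own listener and drop this branch so user traffic can never reach it, e.g. `rpcL, err := net.Listen("tcp", "127.0.0.1:"+s.cfg.RPCPort)` followed by `go http.Serve(rpcL, s.rpcS)`, or at minimum require whatever `ControlKeyFile` in Config is for; I can't tell from this hunk whether RPC calls are already keyed. `ServeHTTP` begins and ends outside this hunk.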