diff --git a/main.go b/main.go
index 350ed85..a38c5a2 100644
--- a/main.go
+++ b/main.go
@@ -19,16 +19,18 @@ import (
 var (
 	rethinkDBHost = flag.String("rethink-host", "", "RethinkDB host")
 	rethinkDBDatabase = flag.String("rethink-database", "", "RethinkDB database")
-	controlKeyFile = flag.String("control-key-file", "", "Control host keyfile")
-	controlHost = flag.String("control-host", "", "Control host onion hash")
+	torDataDir = flag.String("tor-data-dir", "./var", "Tor data directory")
 	torHashedPassword = flag.String("tor-hashed-password", "", "Tor hashed password")
 	torPassword = flag.String("tor-password", "hunter2", "Tor clear password")
-	webPort = flag.String("web-port", "9234", "HTTP ingress port for backends and users")
-	sslPort = flag.String("ssl-port", "", "if set use this port for SSL HTTP requests (certs via LE, you agree to follow their TOS)")
-	domainSuffix = flag.String("domain-suffix", ".apps.xeserv.us", "Domain name suffix associated with the load balancer")
-	backendPort = flag.String("backend-port", "36971", "Port for TCP/TLS backends")
-	backendKCPPort = flag.String("backend-kcp-port", "23154", "Port for KCP/TLS backends")
+
+	webPort = flag.String("web-port", "9234", "HTTP ingress port for backends and users")
+	sslPort = flag.String("ssl-port", "", "if set use this port for SSL HTTP requests (certs via LE, you agree to follow their TOS)")
+	backendPort = flag.String("backend-port", "36971", "Port for TCP/TLS backends")
+	backendKCPPort = flag.String("backend-kcp-port", "23154", "Port for KCP/TLS backends")
+
+	domainSuffix = flag.String("domain-suffix", ".apps.xeserv.us", "Domain name suffix associated with the load balancer")
+	acmeEmail = flag.String("acme-email", "", "ACME email (must be set for SSL to work)")
 	sslCertKey = flag.String("ssl-cert-key", "", "if set encrypt SSL certs with this key")
 )
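Review bot: The new `acme-email` flag documents itself as required for SSL, but nothing added in this commit enforces that: setupACME (the last main.go hunk) and server.New (the last server.go hunk) both copy the value into an autocert.Manager unchecked, so an empty string is passed straight through to ACME account registration. The same flag block already declares `sslPort`, so the check belongs right after flag parsing: `if *sslPort != "" && *acmeEmail == "" { log.Fatal("-acme-email must be set when -ssl-port is set") }`. Where flag.Parse is called is outside this hunk, so the exact placement is inferred.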
@@ -41,8 +43,6 @@ func main() {
 	certKey, _ := routecrypto.ParseKey(*sslCertKey)
 	s, err := server.New(server.Config{
-		ControlHost: *controlHost,
-		ControlKeyFile: *controlKeyFile,
 		RethinkDBHost: *rethinkDBHost,
 		RethinkDBDatabase: *rethinkDBDatabase,
 		TorDataDir: *torDataDir,
@@ -63,7 +63,7 @@ func main() {
 		go setupACME(s)
 	}
-	l, err := net.Listen("tcp", "0.0.0.0:"+*webPort)
+	l, err := net.Listen("tcp", *webPort)
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -71,7 +71,7 @@ func main() {
 	hs := &http.Server{
 		Handler: s,
-		Addr: "0.0.0.0:" + *webPort,
+		Addr: ":" + *webPort,
 	}
 	hs.Serve(l)
@@ -82,12 +82,12 @@ func setupACME(s *server.Server) {
 		Prompt: autocert.AcceptTOS,
 		Cache: s.CertCache,
 		HostPolicy: nil,
-		Email: "xena@yolo-swag.com",
+		Email: *acmeEmail,
 	}
 	hs := &http.Server{
 		Handler: s,
-		Addr: "0.0.0.0:" + *sslPort,
+		Addr: ":" + *sslPort,
 		TLSConfig: &tls.Config{
 			GetCertificate: m.GetCertificate,
 		},
diff --git a/server/server.go b/server/server.go
index ab678bf..6c7319e 100644
--- a/server/server.go
+++ b/server/server.go
@@ -6,13 +6,11 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"errors"
-	"io/ioutil"
 	"log"
 	"net"
 	"net/http"
 	"net/http/httputil"
 	"net/rpc"
-	"os"
 	"path/filepath"
 	"strings"
 	"time"
@@ -21,7 +19,6 @@ import (
 	"git.xeserv.us/xena/route/lib/elfs"
 	"git.xeserv.us/xena/route/lib/tun2"
 	"git.xeserv.us/xena/route/routerpc"
-	"git.xeserv.us/xena/route/utils"
 	"github.com/Xe/uuid"
 	"github.com/Yawning/bulb"
 	"github.com/brandur/simplebox"
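Review bot: `certKey, _ := routecrypto.ParseKey(*sslCertKey)`, kept as context just above the removed Control fields, discards the parse error, and now that the last server.go hunk rejects a nil CertKey that discarded error is the only diagnostic a misconfigured key gets: the operator sees "no cert decryption key, can't do anything" whether the flag was omitted or the key was malformed. Check it where it is produced: `certKey, err := routecrypto.ParseKey(*sslCertKey)` followed by `if err != nil { log.Fatalf("parsing -ssl-cert-key: %v", err) }` (use `=` if err is already declared earlier in main, which is outside the hunk). Whether ParseKey treats an empty string as an error is not visible here.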
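Review bot: `net.Listen("tcp", *webPort)` passes a bare port ("9234" by default, per the flags hunk) where net.Listen requires a host:port address, so the listener fails with a missing-port error and main exits at the `log.Fatal(err)` directly below. The next hunk already uses the right form for the same value; this line should match it: `l, err := net.Listen("tcp", ":"+*webPort)`. Dropping the `"0.0.0.0:"` prefix in favour of `":"` still binds every interface, so the intent of the change is preserved.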
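Review bot: `Addr: ":" + *webPort` is dead configuration: http.Server.Addr is only consulted by ListenAndServe and ListenAndServeTLS, and this server is started with `hs.Serve(l)` on the listener created in the previous hunk, so the field can be dropped instead of being kept in sync with the net.Listen call by hand. If it is kept for documentation, its `":"` form is the one the net.Listen line in the previous hunk should use too. The `hs.Serve(l)` return value on the context line below is still unchecked, which this commit does not touch.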
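Review bot: This autocert.Manager literal (Prompt, Cache, HostPolicy, Email) is now built twice from the same inputs — here from `*acmeEmail` and in server.New (last server.go hunk) from `cfg.ACMEEmail` — with both sharing `s.CertCache`, so the email and host policy are threaded through two places that can drift. Consider constructing the manager once in server.New and exposing its GetCertificate on server.Server, so setupACME needs only `GetCertificate: s.<manager field>.GetCertificate` (field name to be chosen). Both copies also keep `HostPolicy: nil`, under which autocert attempts issuance for any SNI name a client presents; since `domainSuffix` is already a flag, a policy func that rejects hosts not ending in `*domainSuffix` would bound issuance to this deployment's names, and a `// TODO(review): restrict HostPolicy to *domainSuffix` would at least record that.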
@@ -51,12 +48,21 @@ type Server struct {
 // Config configures Server
 type Config struct {
-	ControlHost, ControlKeyFile string
-	RethinkDBHost, RethinkDBDatabase string
-	TorDataDir, TorHashedPassword, TorPassword string
-	WebPort, DomainSuffix, SSLPort, GRPCClientPort string
-	BackendPort, KCPPort string
-	CertKey *[32]byte
+	RethinkDBHost string
+	RethinkDBDatabase string
+
+	TorDataDir string
+	TorHashedPassword string
+	TorPassword string
+
+	WebPort string
+	SSLPort string
+	BackendPort string
+	KCPPort string
+
+	DomainSuffix string
+	ACMEEmail string
+	CertKey *[32]byte
 }
 // New creates a new Server
@@ -81,27 +87,6 @@ func New(cfg Config) (*Server, error) {
 		return nil, err
 	}
-	fin, err := os.Open(cfg.ControlKeyFile)
-	if err != nil {
-		return nil, err
-	}
-	defer fin.Close()
-
-	data, err := ioutil.ReadAll(fin)
-	if err != nil {
-		return nil, err
-	}
-
-	pKey, err := utils.PemToRSAPrivateKey(data)
-	if err != nil {
-		return nil, err
-	}
-
-	_, err = t.AddOnion(pKey, RPCPort, l.Addr().String())
-	if err != nil {
-		return nil, err
-	}
-
 	rpcs := rpc.NewServer()
 	s := &Server{
@@ -122,13 +107,15 @@ func New(cfg Config) (*Server, error) {
 		Prompt: autocert.AcceptTOS,
 		Cache: s.CertCache,
 		HostPolicy: nil,
-		Email: "xena@yolo-swag.com",
+		Email: cfg.ACMEEmail,
 	}
-	if cfg.CertKey != nil {
-		s.CertCache.SimpleBox = simplebox.NewFromSecretKey(cfg.CertKey)
+	if cfg.CertKey == nil {
+		return nil, errors.New("no cert decryption key, can't do anything")
 	}
+	s.CertCache.SimpleBox = simplebox.NewFromSecretKey(cfg.CertKey)
+
 	tcfg := &tun2.ServerConfig{
 		TCPAddr: cfg.BackendPort,
 		KCPAddr: cfg.KCPPort,
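Review bot: The regrouped Config fields carry no doc comments, and the commit changes what two of them mean without saying so: CertKey goes from optional to required (the last hunk returns an error when it is nil) and ACMEEmail replaces a hard-coded address. Record the contract on the struct, e.g. `// CertKey encrypts cached TLS certificates at rest; New returns an error when it is nil.` and `// ACMEEmail is the contact address handed to the ACME client (autocert).`. GRPCClientPort is dropped from the struct here; any remaining reference to it elsewhere in the package would no longer compile, which cannot be confirmed from this diff.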
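Review bot: The new nil check on `cfg.CertKey` runs only after New has already opened resources — the code removed in the previous hunk referenced `l.Addr()` and `t.AddOnion`, so a listener and a Tor control connection presumably exist by this point, and like the earlier `return nil, err` paths this return leaves them open. Since the check depends only on cfg, move it to the top of New, before anything is opened: `if cfg.CertKey == nil { return nil, errors.New("no cert decryption key, can't do anything") }`, leaving only the `s.CertCache.SimpleBox = ...` assignment here. New's body starts before this hunk and the exact order of the earlier setup is inferred from the removed lines, not visible.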