diff --git a/module.nix b/module.nix
index d8b90db..40b9cf2 100644
--- a/module.nix
+++ b/module.nix
@@ -2,22 +2,22 @@
 with lib;
 let
   cfg = config.services.danilafe-blog;
-  sslForDomain = domain: (cfg.ssl == true) || (cfg.ssl."${domain}" or false);
-  anySsl = any sslForDomain (attrNames cfg.domains);
+  sslForDomain = domain: package: package.ssl;
+  anySsl = any id (mapAttrsToList sslForDomain cfg.domains);
   virtualHost = domain: package:
     {
       virtualHosts."${domain}" = mkMerge [
         {
           root = package;
         }
-        (mkIf (sslForDomain domain) {
+        (mkIf (sslForDomain domain package) {
           addSSL = true;
           enableACME = true;
           acmeRoot = cfg.challengePath;
         })
       ];
     };
-  service = domain:
+  service = domain: package:
     {
       # Workaround for new configuration setting all of /var to be readonly.
       # See https://github.com/NixOS/nixpkgs/issues/139310
@@ -26,16 +26,11 @@ let
       };
     };
   virtualHosts = mapAttrsToList virtualHost cfg.domains;
-  services = map service (filter sslForDomain (attrNames cfg.domains));
+  services = mapAttrsToList service (filterAttrs sslForDomain cfg.domains);
 in
   {
     options.services.danilafe-blog = {
       enable = mkEnableOption "Daniel's blog service";
-      ssl = mkOption {
-        type = types.either types.bool (types.attrsOf types.bool);
-        default = false;
-        description = "Enable SSL and ACME for all or some domains.";
-      };
       domains = mkOption {
         type = types.attrsOf types.package;
         default = {};