diff --git a/homelab/fighter/.gitignore b/homelab/fighter/.gitignore new file mode 100644 index 00000000..d58e81ab --- /dev/null +++ b/homelab/fighter/.gitignore @@ -0,0 +1 @@ +secrets.env \ No newline at end of file diff --git a/homelab/fighter/config/traefik/docker-compose.yml b/homelab/fighter/config/traefik/docker-compose.yml index c6cca33f..be490c57 100644 --- a/homelab/fighter/config/traefik/docker-compose.yml +++ b/homelab/fighter/config/traefik/docker-compose.yml @@ -16,9 +16,17 @@ services: - ./traefik.yaml:/traefik.yaml - ./config:/config - $DOCKER_DATA/acme.json:/acme.json + secrets: + - cloudflare_token + environment: + - CF_DNS_API_TOKEN=/run/secrets/cloudflare_token networks: web: external: true monitoring: external: true + +secrets: + cloudflare_token: + file: ./cloudflare_secret.txt \ No newline at end of file diff --git a/homelab/fighter/config/traefik/traefik.yaml b/homelab/fighter/config/traefik/traefik.yaml index 58d2e4fa..0da74e08 100644 --- a/homelab/fighter/config/traefik/traefik.yaml +++ b/homelab/fighter/config/traefik/traefik.yaml @@ -18,6 +18,17 @@ certificatesResolvers: email: jafner425@gmail.com storage: acme.json tlsChallenge: {} + lets-encrypt-dns01: + acme: + email: jafner425@gmail.com + storage: acme.json + caserver: https://acme-staging-v02.api.letsencrypt.org/directory + dnsChallenge: + provider: cloudflare + resolvers: + - "1.1.1.1:53" + - "8.8.8.8:53" + # CF_DNS_API_TOKEN api: insecure: true
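Review bot: The only ignored name in the new `homelab/fighter/.gitignore` is `secrets.env`, but the compose change in this same commit reads the Cloudflare token from `./cloudflare_secret.txt` under `config/traefik/`, which this pattern does not match. Unless another ignore file not shown here covers it, a plain `git add .` would stage the API token. Adding a second line `cloudflare_secret.txt` would cover it, since a pattern without a slash matches at any depth below this directory. Ending the file with a newline also keeps later appended patterns from joining the last entry.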
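Review bot: In the added `environment:` entry, `CF_DNS_API_TOKEN=/run/secrets/cloudflare_token` sets the token to the literal path string rather than the contents of the mounted secret, so the Cloudflare provider would authenticate with `/run/secrets/cloudflare_token` as its credential and the DNS-01 challenge would be rejected. The ACME client Traefik embeds (lego) reads a credential from a file when the variable name carries the `_FILE` suffix, so the line should be `- CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare_token`. The service definition these lines belong to starts above the hunk, so I cannot see which service receives the secret.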
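Review bot: The `caserver` line in the new `lets-encrypt-dns01` resolver points at the Let's Encrypt staging directory, and nothing marks it as temporary, so any router later switched to this resolver will serve certificates that clients do not trust. I would add a comment above it such as `# staging CA: issues untrusted test certificates; delete this line to use production`. The trailing `# CF_DNS_API_TOKEN` comment is also too terse to act on; something like `# Cloudflare credential comes from the CF_DNS_API_TOKEN(_FILE) variable set in docker-compose.yml` says where the value is expected to come from. The `certificatesResolvers` block begins outside the hunk.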